Professional Bug Hunting & Advanced Web Application Course

Uploaded by md sakib nazmus

Professional Bug Hunting & Advanced Web Application Security Testing

A Professional Course on Cyber Security in Bangla by Byte Capsule.

Professional Bug Hunting & Advanced Web Application Security Testing Outline

Course Overview
• Course Title: Professional Bug Hunting & Advanced Web Application Security Testing
• Total Classes: 40 Classes (Live Classes in Bangla Language)
• Class Duration: 02 Hours
• Prerequisites:
1. Basic understanding of Web Technology
2. Prior Knowledge of common Web Vulnerabilities
3. Basic knowledge of Web Development & security tools.
4. Knowledge of Operating System & Network Fundamentals
5. Knowledge of Scripting and Command-Line Usage
6. Prior Experience with Bug Bounty Platforms
7. Comfort with Vulnerability Research
8. Ability to think critically and creatively when analyzing Web Applications for vulnerabilities.

• Course Objectives of Advanced Web Application Security:

❖ Understand the security landscape, modern attack surfaces, and threats.
❖ Recognize and mitigate vulnerabilities highlighted by the OWASP Top 10.
❖ Detect and secure applications against SQL Injection (SQLi), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and Server-Side Request Forgery (SSRF).
❖ Secure authentication mechanisms and session management, and prevent Insecure Direct Object References (IDOR).
❖ Master Advanced Security Concepts and Techniques.
❖ Secure Web Applications Across Different Platforms & Apply Secure Development Lifecycle (SDLC) Principles.

1
[PUBLIC]
• Course Objectives of Professional Bug Hunting:

❖ Master active and passive reconnaissance techniques to gather target domain and subdomain information effectively.
❖ Perform Advanced Asset Mapping & Fingerprinting.
❖ Develop expertise in finding vulnerabilities like SQL Injection (SQLi), Cross-Site Scripting (XSS), CSRF, and IDOR through manual techniques.
❖ Learn to craft custom payloads for discovering hidden files, directories, and sensitive information.
❖ Focus on testing complex, application-specific vulnerabilities that automated tools often miss.
❖ Perform Advanced JavaScript and API Endpoint Analysis.
❖ Understand post-exploitation techniques, including persistence and data extraction, to maximize bug discovery and increase bounty payouts.
❖ Master the skill of writing clear, concise, and impactful bug reports with detailed reproduction steps, impact assessments, and remediation suggestions.
❖ Utilize Advanced OSINT Techniques for Bug Discovery & Innovate with Unique Bug Hunting Techniques.

• Required Machine Configuration:

Processor: Intel i5 or AMD Ryzen 5 (or equivalent) or higher.
RAM: Minimum 8 GB (16 GB recommended for running multiple VMs/tools smoothly).
Storage: At least 120 GB SSD (250 GB or more recommended).
Graphics: Basic GPU (onboard or external) for normal operation.

Advanced Web Application Security Testing Outline

Chapter 01: Information Gathering & Recon


Class 1: Build and Configure your AWAST Lab
Topics:

❖ Deploy Multiple OS

❖ Install all necessary tools.

Class 2: Introduction to Web Reconnaissance


Topics:

❖ Definition and Role in Cybersecurity

❖ Basic Understanding & Vulnerability in Web Technology.

❖ Types of Reconnaissance

❖ Legal and Ethical Considerations

❖ Passive Reconnaissance Techniques

❖ Active Reconnaissance Techniques

❖ Analyzing Reconnaissance Data

Class 3: Web Server Fingerprinting
Topics:

❖ Introduction to Web Server Fingerprinting

❖ Types of Fingerprinting Techniques

❖ Tools and Methodologies for Web Server Fingerprinting

❖ Hands-On Active Fingerprinting & Passive Fingerprinting

❖ Analyzing and Interpreting Fingerprinting Data.

❖ Defensive Strategies.

Class 4: File & Server Enumeration
Topics:

❖ Introduction to File and Server Enumeration

❖ Common File and Directory Enumeration Techniques

❖ Tools for File and Directory Enumeration

❖ Server Configuration Enumeration

❖ Analyzing Server Headers and SSL/TLS Configurations

❖ Hands-On Demonstration: File & Server Enumeration

❖ Defensive Techniques to Mitigate Enumeration

Chapter 02: Entry Points & Path Mapping


Class 5: Identifying Application Entry Points
Topics:

❖ Introduction to Application Entry Points

❖ Identifying Entry Points in URLs and Query Strings

❖ Forms as Entry Points, Header Entry Points, APIs as Entry Points

❖ Hands-On Lab: Discovering Application Entry Points

❖ Defensive Measures and Mitigation Techniques

Class 6: Mapping Web Execution Paths


Topics:

❖ Introduction to Web Execution Paths

❖ Identifying Key Components of Web Execution Paths

❖ Mapping Execution Paths: Manual and Automated Techniques

❖ Analysing Logic Flaws in Execution Paths

❖ Common Vulnerabilities Along Web Execution Paths

❖ Hands-On Mapping and Analysing Web Execution Paths

❖ Defensive Strategies for Securing Web Execution Paths

Chapter 03: Configuration Testing
Class 7: Network Configuration Testing
Topics:

❖ Introduction to Network Configuration Testing

❖ Network Configuration Components to Test

❖ Tools and Techniques for Network Configuration Testing

❖ Common Network Configuration Vulnerabilities

❖ Hands-On Network Configuration Testing

❖ Mitigation and Best Practices for Securing Network Configurations

Class 8: Application Configuration Review


Topics:

❖ Introduction to Application Configuration Review

❖ Components of an Application Configuration Review [Authentication and Authorization Configuration, Session Management Configuration, Logging and Error Handling, Data and File Handling, Encryption and Security Headers]

❖ Tools and Techniques for Configuration Review

❖ Common Application Misconfigurations [Default Credentials and Weak Password Policies, Insecure Session Management, Improper Error Handling and Information Disclosure, Missing or Misconfigured Security Headers, Insufficient Logging and Monitoring]

❖ Hands-On Application Configuration Review

❖ Mitigation and Best Practices for Application Configurations

Chapter 04: Authentication & Session Management
Class 9: Testing Authentication Mechanisms
Topics:

❖ The Role of Authentication in Web Security, common Authentication Vulnerabilities & Types of
Authentication Mechanisms.

❖ Authentication Testing Components [Password-Based Authentication, Multifactor Authentication (MFA), Session Management, OAuth and Token-Based Authentication]

❖ Tools and Techniques for Testing Authentication

❖ Common Authentication Vulnerabilities and Exploits [Weak Password Policies, Brute Force and Credential Stuffing Attacks, Insecure Session Management]

❖ Hands-On Testing Authentication Mechanisms

❖ Best Practices for Secure Authentication

Class 10: Lockout & Authentication Bypass Testing


Topics:

❖ Definition and Importance, OWASP Top 10: Broken Authentication, Types of Lockout Mechanisms
and Authentication Bypass Attacks

❖ Lockout Mechanism Testing [Account Lockout Policies and Brute Force Attacks, Testing for Lockout
Evasion and Circumvention, Assessing Multi-Factor Authentication (MFA) Lockout Mechanisms]

❖ Authentication Bypass Testing

❖ Tools and Techniques for Lockout & Bypass Testing

❖ Hands-On Lockout & Authentication Bypass Testing

❖ Mitigation Strategies

Class 11: Session Handling & Cookie Security
Topics:

❖ Introduction to Session Handling & Cookie Security

❖ Session Management Vulnerabilities [Session Hijacking and Fixation, Insecure Session Token
Generation, Poor Session Timeout and Expiry Controls]

❖ Cookie Security Vulnerabilities [Insecure Cookie Flags (Secure, HttpOnly, SameSite), Cross-Site Scripting (XSS) and Cookie Theft, Session Token Replay Attacks]

❖ Testing Session and Cookie Security

❖ Hands-On Session Handling & Cookie Security Testing

❖ Mitigation Strategies

Chapter 05: Input Validation & Injection Testing


Class 12: SQL Injection Testing
Topics:

❖ Introduction to SQL Injection [Introduction, Understanding How Web Applications Work, A More Complex Architecture, Understanding SQL Injection & How It Happens, Dynamic String Building, Incorrectly Handled Multiple Submissions etc.]

❖ Types of SQL Injection [Error-Based SQL Injection, Union-Based SQL Injection, Blind SQL
Injection, Time-Based Blind SQL Injection]

❖ Testing for SQL Injection [Manual SQL Injection Testing Techniques, Using Automated Tools for
SQL Injection Testing, Reviewing Code for SQL Injection, Bypassing Input Filters and WAFs]

❖ Hands-On SQL Injection Testing

❖ Advanced Topics [Evading Input Filters, Exploiting Second-Order SQL Injection, Finding Second-Order Vulnerabilities, Using Hybrid Attacks]

❖ Mitigating SQL Injection Vulnerabilities

Class 13: Cross-Site Scripting (XSS)
Topics:

❖ Introduction to Cross-Site Scripting (XSS) [What is XSS? Types of XSS, OWASP Top 10: XSS and
Injection Vulnerabilities etc.]

❖ Understanding How XSS Works

❖ XML and AJAX Introduction, The XSS Discovery Toolkit, XSS Theory, XSS Attack Methods, Advanced XSS Attack Vectors, XSS Exploited, XSS Worms

❖ Hands-On XSS Vulnerabilities Testing

❖ Preventing XSS Vulnerabilities

Class 14: Hidden Injection Testing


Topics:

❖ Overview of Injection Attacks, Command Injection, and Other Types, OWASP Top 10: Injection
Threats

❖ Command Injection [How Command Injection Works, Manual Testing Techniques for Command
Injection, Demonstration of Command Injection Exploitation]

❖ Other Injection Attacks [XML Injection, XPath Injection, Testing Techniques for Less Common
Injections]

❖ Hidden Topic

❖ Hidden Topic

Chapter 06: Access Control & Authorization


Class 15: Authorization Schema Testing
Topic:

❖ Introduction to Authorization and Access Control [Definition of Authorization, Types of Access Control Models, Importance of Authorization Testing]

❖ Common Authorization Vulnerabilities [Insecure Direct Object References (IDOR), Missing Function Level Access Control, Privilege Escalation Attacks]

❖ Authorization Testing Techniques

❖ Hands-On Authorization Testing [Identifying and Exploiting Authorization Vulnerabilities, Testing for
Privilege Escalation etc.]

❖ Best Practices for Authorization Security

Class 16: Forced Browsing & IDOR Testing


Topics:

❖ Overview of Insecure Direct Object References (IDOR)

❖ Real-World Implications of These Vulnerabilities

❖ Forced Browsing [How Forced Browsing Works, Common Scenarios and Examples, Manual Testing
Techniques for Forced Browsing]

❖ Testing for IDOR Vulnerabilities

❖ Common Payloads and Attack Scenarios

❖ Testing for Forced Browsing

❖ Mitigation Strategies for Forced Browsing and IDOR

Chapter 07: Business Logic & Identity Management


Class 17: Testing Business Logic Flaws
Topics:

❖ Introduction to Business Logic Flaws

❖ Importance of Testing for Business Logic Vulnerabilities

❖ Common Types of Business Logic Flaws [Race Conditions, Authorization and Access Control Flaws,
Workflow Manipulation, Input Validation Flaws]

❖ Testing Techniques for Business Logic Flaws [Manual Testing Strategies, Automated Testing Tools,
Analysing Business Processes and Workflows, Parameter Tampering]

❖ Identifying and Exploiting Business Logic Vulnerabilities

❖ Mitigation Strategies for Business Logic Flaws

Class 18: Role Definition & Privilege Escalation
Topics:

❖ Importance of Role-Based Access Control (RBAC)

❖ Common Privilege Escalation Vulnerabilities [Vertical Privilege Escalation, Horizontal Privilege Escalation]

❖ How Privilege Escalation Occurs

❖ Testing Techniques for Privilege Escalation

❖ Analysing Access Controls and User Roles

❖ Mitigation Strategies for Role Definition and Privilege Escalation

Class 19: Account Enumeration & Weak Credentials


Topics:

❖ Introduction to Account Enumeration and Weak Credentials

❖ Common Techniques for Exploiting Account Enumeration [Enumeration Methods, Examples of Account Enumeration Attacks, Impact of Successful Enumeration]

❖ Weak Credentials and Their Risks

❖ Testing Techniques for Account Enumeration and Weak Credentials [Response Analysis, Common
Password Testing, Error Message Analysis, User Enumeration via Login pages, Dictionary Attacks,
Default Credential Testing, Session Management Testing]

❖ Mitigation Strategies for Account Enumeration and Weak Credentials

Chapter 08: API Testing


Class 20: API Security Overview & API Endpoint Vulnerabilities
Topics:

❖ Definition of APIs and Their Role in Modern Applications

❖ Importance of API Security

❖ Overview of Common API Use Cases

❖ Understanding API Endpoint Vulnerabilities [Broken Object Level Authorization, Broken User
Authentication, Excessive Data Exposure, Lack of Resources & Rate Limiting, Broken Function Level
Authorization, Mass Assignment, Security Misconfiguration, Improper Assets Management etc.]

❖ Hands-On Identifying API Endpoint Vulnerabilities

Chapter 09: Advanced Testing Techniques


Class 21: Fuzzing for Vulnerabilities & Red Team
Topics:

❖ Overview of Fuzzing in Security Testing

❖ Types of Fuzzing Techniques [Mutation-Based Fuzzing, Generation-Based Fuzzing, Smart Fuzzing, Coverage-Guided Fuzzing]

❖ Fuzzing Tools and Frameworks

❖ Hands-On Fuzzing Web Applications

❖ Interpreting Fuzzing Results and Reporting Vulnerabilities

❖ Definition and Goals of Red Teaming, Differences Between Red Teaming and Other Security Testing
Approaches, Importance of Red Team Simulations in Cybersecurity

❖ Overview of Red Team Methodologies (e.g., MITRE ATT&CK Framework, Lockheed Martin Cyber Kill Chain), with a discussion of the Lockheed Martin Cyber Kill Chain model.

❖ Common Techniques Used by Red Teams

Chapter 10: Cloud Security & Subdomain Takeovers


Class 22: Subdomain Takeover Testing
Topics:

❖ Introduction to Subdomain Takeover

❖ Types of Subdomain Takeover Scenarios

❖ Tools and Techniques for Subdomain Takeover Testing

❖ Hands-On Conducting Subdomain Takeover Testing

❖ Remediation Strategies

Class 23: Cloud Infrastructure Security
Topics:

❖ Definition of Cloud Infrastructure & Overview of the Shared Responsibility Model

❖ Common Vulnerabilities and Threats in Cloud Environments [Misconfiguration Issues, Insecure APIs,
Data Breaches and Data Loss, Account Hijacking, Insider Threats]

❖ Identity and Access Management (IAM)

❖ Identifying Misconfigurations and Vulnerabilities

Class 24: Backup & Unreferenced Files Testing


Topics:

❖ What Are Backup & Unreferenced Files? Why Are They a Security Risk?

❖ Examples of Vulnerabilities Due to Exposed Files

❖ Common Types of Backup and Unreferenced Files [Temporary and Backup Files (e.g., .bak, .old,
.tmp), Log Files, Source Code Files, Database Dumps, Configuration Files (e.g., .env, .config)]

❖ Tools & Techniques for Identifying Backup and Unreferenced Files

❖ Hands-On Backup and Unreferenced Files Testing

❖ Mitigation

Chapter 11: Client-Side Security & Error Handling


Class 25: Cross-Origin Resource Sharing (CORS) & Other Client-Side Misconfiguration Testing
Topics:

❖ What CORS Is and Why It Exists, How CORS Works (Preflight Requests, Headers, and Access Control), CORS Flow and Browser Enforcement

❖ Understanding CORS & Other Client-Side Misconfigurations and Security Risks

❖ Tools & Techniques for CORS Testing

❖ Testing for CORS Misconfigurations & Other Client-Side Misconfiguration in a Web Application

❖ Analysing CORS Headers for Security Flaws

❖ Documenting and Exploiting CORS Vulnerabilities

Class 26: Clickjacking & Framebusting
Topics:

❖ Introduction to Clickjacking

❖ Technical Overview of Clickjacking

❖ Common Clickjacking Techniques (e.g., Transparent Frames, Mouse Overlays)

❖ Social Engineering Aspects of Clickjacking

❖ Testing for Clickjacking Vulnerabilities

❖ JavaScript-Based Framebusting

❖ HTTP Headers for Frame Protection (X-Frame-Options, CSP Frame Ancestors)

Class 27: Error Handling and Misconfigurations


Topics:

❖ Security Risks of Poor Error Handling and Misconfigurations

❖ Impact of Insecure Error Handling

❖ Manual Testing Techniques (Analysing Responses, Triggering Errors)

❖ Identifying and Testing for Common Security Misconfigurations (File Permissions, Directory Listings)

❖ Testing for Framework and Platform-Specific Misconfigurations

❖ Testing for Misconfigurations using Tools and Scripts

❖ Mitigation Strategies

Chapter 12: The Penetration Testing Execution Standard (PTES)


Class 28: Overview of Penetration Testing and Checklist & Comprehensive Review
Topics:

❖ Pre-engagement Interactions

❖ Intelligence Gathering

❖ Threat Modelling

❖ Vulnerability Analysis

❖ Exploitation

❖ Post Exploitation

❖ Reporting

❖ Review all previous classes & assessments

Professional Bug Hunting Outline

Chapter 13: Bug Bounty [Each Class will be conducted with Live Website]
Class 29: Comprehensive Bug Bounty Methodology
Topics:

❖ What is a Bug Bounty?

❖ Benefits for organizations and security researchers

❖ Ethical hackers and security researchers

❖ Understanding the Bug Bounty Lifecycle [1. Preparation Phase, 2. Reconnaissance, 3. Vulnerability Identification, 4. Exploitation, 5. Reporting]

❖ Bug Hunting Methodologies

❖ Tools and Resources for Bug Bounty Hunting

❖ Reporting and Communication

❖ Case Studies and Real-World Examples

❖ Best Practices and Tips for Success

Class 30: Reconnaissance (Domain & Subdomain Discovery)


Topics:

❖ Active & Passive Subdomain Enumeration. Tools: Sublist3r, Amass, Assetfinder, crt.sh, Hidden, Hidden. Objective: Enumerate all possible subdomains through both passive and active methods.

❖ DNS & WHOIS Information. Tools: DNSdumpster, WHOIS, SecurityTrails, Hidden, Hidden. Objective: Extract domain and DNS information to map the attack surface.

Class 31: Asset Mapping & Technology Fingerprinting
Topics:

❖ API Discovery & Endpoint Mapping. Tools: Gau, Waybackurls, Hidden, Hidden. Objective: Use old URLs and archived endpoints to map out APIs and resources.

❖ Tech Stack Identification. Tools: Wappalyzer, BuiltWith, WhatWeb, Hidden, Hidden. Objective: Identify the underlying technology stack to tailor your attack techniques (i.e., detect CMS, frameworks, databases, etc.).

Class 32: Subdomain & Port Filtering


Topics:

❖ Subdomain Filtering. Tools: httpx, httprobe, Hidden. Objective: Check which subdomains are alive and assess whether they are vulnerable to subdomain takeover.

❖ Port Scanning. Tools: Nmap, Masscan and more. Objective: Identify open ports, services, and running versions for further analysis (SSH, HTTP, FTP, etc.).

Class 33: “OSINT flaw, Massive Impact”


Topics:

❖ Sensitive Information Disclosure via OSINT. Tools: Google Dorks, Recon-ng, Shodan and more. Objective: Gather additional intelligence from public-facing platforms, including employee names, emails, or linked repositories.

❖ GitHub Scanning for Leaked Data. Tools: GitHound, Gitrob and more. Objective: Look for exposed API keys, tokens, passwords, or credentials.

Class 34: Content Discovery & Fuzzing


Topics:

❖ Directory & File Fuzzing. Tools: Dirsearch, ffuf and more. Objective: Discover hidden files, directories, and endpoints that may expose sensitive information or functionality.

❖ Custom Payload Fuzzing. Use tailored payloads for specific applications (e.g., targeting login panels with SQL payloads, XSS vectors in comment forms, etc.).

Class 35: JavaScript File Analysis & Automated Vulnerability Scanning
Topics:

❖ Extract and Analyse JS Files. Tools: Gau, JSFScan and more. Objective: Find hidden API endpoints, credentials, or internal logic that can be exploited.

❖ Unique Technique: Focus on searching for sensitive data and unintentional disclosures in older or heavily commented JS files.

❖ Automation for Basic Vulnerabilities. Tools: Nuclei, ProjectDiscovery and more. Objective: Automate scanning for common vulnerabilities (e.g., XSS, SQLi, RCE) and known CVEs across all endpoints.

❖ Massive Recon Data Integration. Unique approach of combining different data sources (Shodan, Censys) for more comprehensive scanning results.

Class 36: Manual Vulnerability Testing Part 01


Topics:

❖ SQL Injection (SQLi): Test parameters in URLs, forms, and headers with payloads to detect SQLi.

❖ Cross-Site Scripting (XSS), Manual & Automated: Test both reflected and stored XSS vectors. Focus on creative bypasses for filters (e.g., payloads designed for modern frameworks like Angular or React).

❖ Local File Inclusion (LFI)

Class 37: Manual Vulnerability Testing Part 02


Topics:

❖ Cross-Site Request Forgery (CSRF) Look for places where CSRF protection is either absent or
improperly implemented, particularly in critical actions like money transfers, account changes, etc.

❖ Insecure Direct Object References (IDOR) Test for object access vulnerabilities by manipulating user
IDs, file names, or transaction IDs.

Class 38: Testing for Business Logic Vulnerabilities
Topics:

❖ Authentication and Authorization Flaws

Techniques: Test for role escalation (e.g., regular users gaining admin access), bypass authentication
mechanisms, and improperly implemented session management.
Objective: Focus on bypassing logic workflows and identifying vulnerabilities in critical business
processes (e.g., order manipulation, account takeover).

Class 39: Unique Techniques & Exploit Development


Topics:

❖ Hidden

Class 40: Reporting & Documentation and Final Review


Topics:

❖ Impact Explanation & Remediation Suggestions Write clear, concise, and actionable reports with exact
reproduction steps.

❖ Impact explanations and remediation suggestions for the bug, offering specific guidance on how to
patch the issue.

❖ Review all previous classes & assessments

For any query, message https://t.me/AnonBBD

Happy Learning, Stay Safe, Stay Secure