# Bug Hunter's Methodology

**Course Abstract**

Bugcrowd is happy to offer a full-day workshop for bug hunters covering both introductory and advanced topics in web bug hunting. Each BCU module covers one vulnerability class: its nature, how to identify it, how to exploit it, the tools associated with it, and labs for students to test their skills. These Bugcrowd University modules are designed to enable the crowd to spot and exploit Priority One (P1) level bugs, even in seemingly complex web applications.

* (Intro) What makes a good submission
* (Intro) Burp Suite Workshop
* (Intermediate) Asset Discovery and Recon
  * IP enumeration (ASNs and Cloud)
  * Brand Enumeration (Acquisitions, RevWHOIS, Reverse tracker Analysis)
  * Subdomain Enumeration (Scraping and Bruteforcing)
  * Effective Port Scanning
  * Version based vulnerability analysis
  * Directory Bruteforcing / Content Discovery best practices
  * (Advanced) Prioritizing target testing areas by technology and features
* (Advanced) XML External Entity Injection
  * An introduction to XXE
  * XXE Identification
  * XXE Tooling / payloads
    * XXE LABS
* (Advanced) Authorization & Access Control Testing (MFLAC, IDOR)
  * The ever-giving IDOR and MFLAC
  * Examples
    * LABS
* (Advanced) Server Side Request Forgery
  * An introduction to SSRF
  * SSRF Identification
  * SSRF Tooling
    * SSRF LABS
* (Advanced) Security Misconfiguration (Git, AWS, Subdomain, ++)
  * Introduction to AWS S3 permissions
    * Labs
  * Git pillaging
    * Labs
  * GitHub robbing
    * Live exercise
  * CI/Code repositories exploitation (no lab)
  * Subdomain takeover
    * Labs

**Upon Completion of this training, attendees will know:**\
At the end of this course, students should have solid fundamentals in testing for the web vulnerabilities that are most likely to show up in the wild today. The course aims not only to arm the student with the techniques, tools, and labs, but also with a contextual, data-driven methodology for where and how to look for each vulnerability.

**Attendees should bring:**\
Laptop, Burp Suite (PRO preferably), VM or equivalent access to \*nix command line.

**Pre-requisites for attendees:**\
General web application security testing knowledge is required.\
Some topics will assume knowledge of OWASP Top Ten-type vulnerabilities.

These trainings are 100% FREE to all OWASP Seasides attendees, on a first come, first served basis only!

**About the trainer**\
**Jason Haddix** is the VP of Researcher Growth at Bugcrowd. Jason trains and works with internal analysts to triage and validate hardcore vulnerabilities in mobile, web, and IoT applications/devices. He also works with Bugcrowd to improve the security industry's relations with researchers. Jason's interests and areas of expertise include mobile penetration testing, black box web application auditing, network/infrastructure security assessments, wireless network assessment, binary reverse engineering, and static analysis.

**Registration is closed. However, all events and workshops are on a first come, first served basis. Please reach the venue early to grab your spot.**

{% embed url="https://docs.google.com/forms/d/1a669t-Be-PUoIBhSZjCWKtIsenkJ3IcaqbGO6QqBqAo/viewform?edit_requested=true" %}

