Burp Suite Practitioner Web App Penetration Testing Course
- Description
- Curriculum
- FAQ
- Reviews
Burp Suite Professional Labs – Web Application Penetration Testing & Bug Bounty Hunting
Welcome to the Burp Suite Professional – Web Application Penetration Testing & Bug Bounty Hunting training course.
Your instructor is Martin Voelk. He is a Cyber Security veteran with 25 years of experience. Martin holds some of the highest certification incl. CISSP, OSCP, OSWP, Portswigger BSCP, CCIE, PCI ISA and PCIP. He works as a consultant for a big tech company and engages in Bug Bounty programs where he found thousands of critical and high vulnerabilities.
This course features all current 145+ Practitioner labs. Martin is solving them all and giving useful insight on how to find and exploit these vulnerabilities. He is not just inserting the payload but explains each step on finding the vulnerability and why it can be exploited in a certain way. The videos are easy to follow along and replicate. Martin is also dropping a lot of tips and tricks for those who wish to get the Burp Suite Certified Practitioner certification (BSCP). This training is highly recommended for anyone who wants to become a professional in Web Application Penetration Testing, Web Application Bug Bounty Hunting or take the Burp Suite Certified Practitioner certification (BSCP) certification.
It will feature all apprentice labs in the following sections:
· SQL injection
· Cross-site scripting
· Cross-site request forgery (CSRF)
· Clickjacking
· DOM-based vulnerabilities
· Cross-origin resource sharing (CORS)
· XML external entity (XXE) injection
· Server-side request forgery (SSRF)
· HTTP request smuggling
· OS command injection
· Server-side template injection
· Directory traversal
· Access control vulnerabilities
· Authentication
· WebSockets
· Web cache poisoning
· Insecure deserialization
· Information disclosure
· Business logic vulnerabilities
· HTTP Host header attacks
· OAuth authentication
· File upload vulnerabilities
· JWT
· Essential skills
· Prototype pollution
Notes & Disclaimer
Portswigger labs are a public and a free service from Portswigger for anyone to use to sharpen their skills. All you need is to sign up for a free account. I will update this course with new labs as they are published. I will to respond to questions in a reasonable time frame. Learning Web Application Pen Testing / Bug Bounty Hunting is a lengthy process, so please don’t feel frustrated if you don’t find a bug right away. Try to use Google, read Hacker One reports and research each feature in-depth. This course is for educational purposes only. This information is not to be used for malicious exploitation and must only be used on targets you have permission to attack.
-
2
SQL injection UNION attack, determining the number of columns returned by the qu -
3
SQL injection UNION attack, finding a column containing text
-
4
SQL injection UNION attack, retrieving data from other tables
-
5
SQL injection UNION attack, retrieving multiple values in a single column
-
6
SQL injection attack, querying the database type and version on Oracle
-
7
SQL injection attack, querying the database type and version on MySQL and MS
-
8
SQL injection attack, listing the database contents on non-Oracle databases
-
9
SQL injection attack, listing the database contents on Oracle
-
10
Blind SQL injection with conditional responses
-
11
Blind SQL injection with conditional errors
-
12
Blind SQL injection with time delays
-
13
Blind SQL injection with time delays and information retrieval
-
14
Blind SQL injection with out-of-band interaction
-
15
Blind SQL injection with out-of-band data exfiltration
-
16
SQL injection with filter bypass via XML encoding
-
17
DOM XSS in document.write sink using source location.search inside a select elem
-
18
DOM XSS in AngularJS expression with angle brackets and double quotes HTML-enc.
-
19
Reflected DOM XSS
-
20
Stored DOM XSS
-
21
Exploiting cross-site scripting to steal cookies
-
22
Exploiting cross-site scripting to capture passwords
-
23
Exploiting XSS to perform CSRF
-
24
Reflected XSS into HTML context with most tags and attributes blocked
-
25
Reflected XSS into HTML context with all tags blocked except custom ones
-
26
Reflected XSS with some SVG markup allowed
-
27
Reflected XSS in canonical link tag
-
28
Reflected XSS into a JavaScript string with single quote and backslash escaped
-
29
Reflected XSS into a JavaScript string with angle brackets and double quotes esc
-
30
Stored XSS into onclick event with angle brackets and double quotes HTML-encoded
-
31
Reflected XSS into a template literal with angle brackets, single, double quotes
-
32
CSRF where token validation depends on request method
-
33
CSRF where token validation depends on token being present
-
34
CSRF where token is not tied to user session
-
35
CSRF where token is tied to non-session cookie
-
36
CSRF where token is duplicated in cookie
-
37
SameSite Lax bypass via method override
-
38
SameSite Strict bypass via client-side redirect
-
39
SameSite Strict bypass via sibling domain
-
40
SameSite Lax bypass via cookie refresh
-
41
CSRF where Referer validation depends on header being present
-
42
CSRF with broken Referer validation
-
51
Blind XXE with out-of-band interaction
-
52
Blind XXE with out-of-band interaction via XML parameter entities
-
53
Exploiting blind XXE to exfiltrate data using a malicious external DTD
-
54
Exploiting blind XXE to retrieve data via error messages
-
55
Exploiting XInclude to retrieve files
-
56
Exploiting XXE via image file upload
-
60
HTTP request smuggling, basic CL.TE vulnerability
-
61
HTTP request smuggling, basic TE.CL vulnerability
-
62
HTTP request smuggling, obfuscating the TE header
-
63
HTTP request smuggling, confirming a CL.TE vulnerability via differential resp.
-
64
HTTP request smuggling, confirming a TE.CL vulnerability via differential respon
-
65
Exploiting HTTP request smuggling to bypass front-end security controls, CL.TE
-
66
Exploiting HTTP request smuggling to bypass front-end security controls, TE.CL
-
67
Exploiting HTTP request smuggling to reveal front-end request rewriting
-
68
Exploiting HTTP request smuggling to capture other users' requests
-
69
Exploiting HTTP request smuggling to deliver reflected XSS
-
70
Response queue poisoning via H2.TE request smuggling
-
75
Basic server-side template injection
-
76
Basic server-side template injection (code context)
-
77
Server-side template injection using documentation
-
78
Server-side template injection in an unknown language with a documented exploit
-
79
Server-side template injection with information disclosure via user-supplied obj
-
80
File path traversal, traversal sequences blocked with absolute path bypass
-
81
File path traversal, traversal sequences stripped non-recursively
-
82
File path traversal, traversal sequences stripped with superfluous URL-decode
-
83
File path traversal, validation of start of path
-
84
File path traversal, validation of file extension with null byte bypass
