jabaughman/bug-bounty-learning
Bug Bounty Curriculum (Year-long)

Month 1-2: Web Fundamentals

1. HTTP/HTTPS

  • Basics: Methods, Status Codes, Headers, Cookies
  • HTTP/2 & HTTP/3
  • Tools: Burp Suite, Wireshark
  • MDN Web Docs

2. Web Browsers

  • Same-origin policy
  • Cross-Origin Resource Sharing (CORS)
  • Security headers: CSP, HSTS
  • WebSockets (not covered by the same-origin policy, so the server must check the Origin header itself)
  • Browser Internals
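Added example for the same-origin policy / CORS items above (it is not code from this repository): a deliberately buggy origin check next to a fixed one, and the set of Origin values a tester sends to tell them apart. Domain names, handler names and the allowlist are hypothetical.

```python
# Two CORS origin-validation routines (one buggy, one fixed) and the probe set a
# tester sends. Domains and handler names are hypothetical, constructed for this example.

ALLOWED_ORIGINS = {"https://app.example.com", "https://admin.example.com"}


def cors_headers_vulnerable(origin: str) -> dict:
    """Bug: an unanchored substring test, plus trusting the literal 'null' origin."""
    if origin and ("example.com" in origin or origin == "null"):
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
        }
    return {}


def cors_headers_hardened(origin: str) -> dict:
    """Fix: exact match against an allowlist; Vary: Origin keeps caches from mixing origins."""
    if origin in ALLOWED_ORIGINS:
        return {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        }
    return {}


PROBES = [
    "https://app.example.com",           # legitimate origin, should be allowed
    "https://evilexample.com",           # suffix bypass: no dot boundary in the check
    "https://example.com.attacker.net",  # prefix bypass: trusted name used as a subdomain
    "null",                              # sandboxed iframe / data: URL sends Origin: null
    "https://attacker.net",              # arbitrary origin
]


def classify(origin: str, headers: dict) -> str:
    """Label one response the way a tester would when reading it in Burp."""
    acao = headers.get("Access-Control-Allow-Origin")
    creds = headers.get("Access-Control-Allow-Credentials") == "true"
    if acao is None:
        return "blocked"
    if acao == "*":
        # Browsers refuse credentialed responses under a wildcard, so impact is limited.
        return "wildcard"
    if acao == origin and origin not in ALLOWED_ORIGINS:
        # The interesting case: an attacker's page can read the response as the victim.
        return "reflected+credentials" if creds else "reflected"
    return "allowed"


def probe(handler) -> dict:
    """Send every probe origin to a handler and collect the verdicts."""
    return {origin: classify(origin, handler(origin)) for origin in PROBES}
```

Against a live target the same probes go into the Origin request header (for example with Burp Repeater or curl -H "Origin: ..."); the "reflected+credentials" verdict is the one worth reporting, because it lets a cross-origin page read authenticated responses.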

3. Web Architecture

4. Server-side

  • Frameworks: Express, Django, Flask, Rails
  • RESTful APIs & GraphQL
  • MVC structure

5. Client-side

  • Deep dive into HTML, CSS, JS
  • Modern JS frameworks: React, Angular, Vue
  • DOM manipulation & event handling

Month 3-4: Common Web Vulnerabilities

1. Authentication and Session Management Bugs

  • Password reset flaws
  • Session fixation
  • JWT issues
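Added example for the JWT item above (not code from this repository): a minimal HS256 JWT implementation with a verifier that trusts the token's own alg field, the alg=none forgery that defeats it, and a verifier that pins the algorithm. The secret and claims are constructed for the example.

```python
import base64
import hashlib
import hmac
import json

# Constructed secret; a real server loads this from configuration.
SECRET = b"hypothetical-server-secret"


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def hs256(signing_input: str, key: bytes) -> str:
    return b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())


def sign(payload: dict, alg: str = "HS256", key: bytes = SECRET) -> str:
    """Mint a JWT. alg='none' is what an attacker produces, never what a server should."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(payload).encode())
    if alg == "none":
        signature = ""
    elif alg == "HS256":
        signature = hs256(signing_input, key)
    else:
        raise ValueError("unsupported alg")
    return signing_input + "." + signature


def verify_vulnerable(token: str, key: bytes = SECRET) -> dict:
    """Bug: honours the alg the *token* claims, so alg=none skips the signature check."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") == "none":
        return json.loads(b64url_decode(p))
    if not hmac.compare_digest(hs256(h + "." + p, key), s):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))


def verify_hardened(token: str, key: bytes = SECRET) -> dict:
    """Fix: the server decides the algorithm; the header merely has to agree with it."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    if not hmac.compare_digest(hs256(h + "." + p, key), s):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))


def forge_none(token: str, **claims) -> str:
    """Attacker's step: keep the payload, rewrite claims, set alg=none, drop the signature."""
    _, p, _ = token.split(".")
    payload = json.loads(b64url_decode(p))
    payload.update(claims)
    return sign(payload, alg="none")
```

The same pinning principle covers the RS256-to-HS256 confusion variant: a verifier that accepts whatever alg the token names can be made to treat a public RSA key as an HMAC secret, so the accepted algorithm should come from server configuration, never from the token.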

2. Access Control Bugs

  • Privilege escalation
  • IDORs (Insecure Direct Object References)
  • Client-side access control bugs
  • Paywall bypass
  • Portswigger Academy
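Added example for the IDOR item above (not code from this repository): an invoice endpoint that authenticates but never authorizes, the fixed version, and the enumeration loop a tester runs with one account to find objects that belong to another. Users, tokens and invoices are constructed data.

```python
# Constructed data store: invoices keyed by id, sessions keyed by bearer token.
INVOICES = {
    1001: {"owner": "alice", "total": 120.00},
    1002: {"owner": "bob", "total": 80.00},
    1003: {"owner": "bob", "total": 45.50},
}
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}  # token -> user


def get_invoice_vulnerable(token: str, invoice_id: int):
    """Authenticates the caller but never asks whether the object belongs to them."""
    if token not in SESSIONS:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    return (200, invoice) if invoice else (404, None)


def get_invoice_fixed(token: str, invoice_id: int):
    """Authorization decided per object, server-side, from the session's identity."""
    user = SESSIONS.get(token)
    if user is None:
        return 401, None
    invoice = INVOICES.get(invoice_id)
    # Same 404 for "not yours" and "does not exist", so the endpoint is not an
    # oracle for which ids are valid.
    if invoice is None or invoice["owner"] != user:
        return 404, None
    return 200, invoice


def idor_scan(handler, token: str, own_ids: set, candidate_ids) -> list:
    """Tester's loop: walk the id space with one account and keep every id that
    returns 200 but is not among that account's own objects."""
    leaked = []
    for invoice_id in candidate_ids:
        if invoice_id in own_ids:
            continue
        status, _ = handler(token, invoice_id)
        if status == 200:
            leaked.append(invoice_id)
    return leaked
```

On a real target the ids come from your own account's responses (sequential integers are the classic sign), and the loop is a Burp Intruder run or a short script with a second account's objects as the ground truth.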

3. Data Exposure

  • Sensitive information in URLs or error messages
  • Misconfigured cloud storage

4. Vulnerable Components

  • Using components with known vulnerabilities

5. Hacking & Practice


Month 5-6: Advanced Web Vulnerabilities

1. CSRF

  • Token-based mitigation
  • SameSite cookies
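Added example for the two CSRF items above (not code from this repository): a session-bound synchronizer token check with an Origin/Referer test, and a small Set-Cookie auditor that flags session cookies a cross-site form post would still carry. Header values, the app origin and the key are constructed.

```python
import hashlib
import hmac
from http.cookies import SimpleCookie

# Constructed key and origin for the example.
SECRET_KEY = b"hypothetical-app-secret"
TRUSTED_ORIGIN = "https://app.example.com"


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token bound to the session by HMAC; nothing to store server-side."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_csrf(method: str, headers: dict, form: dict, session_id: str) -> bool:
    """Two independent defences: the source origin must be ours AND the token must match."""
    if method in ("GET", "HEAD", "OPTIONS"):
        return True  # safe methods must not change state, so no token is needed
    source = headers.get("Origin") or headers.get("Referer", "")
    # Prefix test with a trailing slash, so app.example.com.attacker.net does not pass.
    if source != TRUSTED_ORIGIN and not source.startswith(TRUSTED_ORIGIN + "/"):
        return False
    token = form.get("csrf_token", "")
    return hmac.compare_digest(token, issue_csrf_token(session_id))


def audit_set_cookie(header_value: str) -> list:
    """Flag cookie attributes that leave a session cookie usable from a cross-site request."""
    jar = SimpleCookie()
    jar.load(header_value)
    findings = []
    for name, morsel in jar.items():
        samesite = (morsel["samesite"] or "").lower()
        if samesite not in ("lax", "strict"):
            # Missing or SameSite=None: a cross-site POST still sends the cookie.
            # (Some browsers default to Lax, but do not rely on that.)
            findings.append(f"{name}: SameSite missing or None")
        if not morsel["secure"]:
            findings.append(f"{name}: Secure missing, sent over plain HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name}: HttpOnly missing, readable by injected script")
    return findings
```

SameSite=Lax still sends cookies on top-level GET navigations, which is why state-changing GET endpoints stay exploitable even with the attribute set; the token check is what closes that case.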

2. XSS

  • Stored, Reflected, DOM-based
  • Content Security Policy (CSP) bypass
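Added example for the CSP bypass item above (not code from this repository): a small policy auditor of the kind used during XSS triage. It parses the header, applies the default-src fallback rules, and reports the weaknesses that commonly make an injection exploitable despite a policy. The sample policies are constructed; the finding list is illustrative, not exhaustive.

```python
# Source expressions that effectively allow any script origin.
BROAD_SOURCES = {"*", "http:", "https:", "data:", "blob:"}


def parse_csp(header: str) -> dict:
    """Split 'name src src; name src' into {name: [sources]}."""
    directives = {}
    for part in header.split(";"):
        tokens = part.strip().split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def effective(directives: dict, name: str):
    """Fetch directives (script-src, object-src, ...) fall back to default-src; base-uri does not."""
    return directives.get(name, directives.get("default-src"))


def audit_csp(header: str) -> list:
    d = parse_csp(header)
    findings = []
    script = effective(d, "script-src")
    if script is None:
        findings.append("no script-src or default-src: script loading is unrestricted")
    else:
        has_nonce_or_hash = any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in script
        )
        # When a nonce or hash is present, CSP2+ browsers ignore 'unsafe-inline'.
        if "'unsafe-inline'" in script and not has_nonce_or_hash:
            findings.append("script-src 'unsafe-inline' without nonce/hash: inline XSS runs")
        if "'unsafe-eval'" in script:
            findings.append("script-src 'unsafe-eval': eval/Function sinks are reachable")
        if "'strict-dynamic'" in script and not has_nonce_or_hash:
            findings.append("'strict-dynamic' without a nonce/hash has no trusted script to propagate from")
        for src in script:
            if src in BROAD_SOURCES or src.startswith("*."):
                findings.append(f"script-src source {src} is too broad")
            elif not src.startswith("'"):
                host_part = src.split("://", 1)[-1]
                if "/" not in host_part:
                    # Whole-host allowlists are the usual bypass route: JSONP endpoints
                    # or old AngularJS builds on that host run attacker-controlled code.
                    findings.append(f"script-src allows the whole host {src}: check it for JSONP or AngularJS")
    obj = effective(d, "object-src")
    if obj is None or "'none'" not in obj:
        findings.append("object-src is not 'none': <object>/<embed> can load script-bearing content")
    if "base-uri" not in d:
        findings.append("base-uri missing: an injected <base> tag redirects relative script URLs")
    return findings
```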

3. SSRF & RCE
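Added example for the SSRF item above (not code from this repository): a string-prefix URL check of the kind that gets bypassed, beside a version that parses the URL, allowlists the exact host, rejects userinfo, and refuses destinations that resolve to non-public addresses. DNS is replaced by a constructed table so the example runs offline; all hostnames and addresses are hypothetical.

```python
import ipaddress
from urllib.parse import urlparse

# Hosts the feature is meant to reach. "partner.example.com" is deliberately
# allowlisted but resolves into RFC 1918 space, to show why a name check alone is not enough.
ALLOWED_HOSTS = {"api.example.com", "partner.example.com"}

# Constructed stand-in for DNS (offline); addresses chosen to be non-special public or private.
FAKE_DNS = {
    "api.example.com": "1.2.3.4",
    "partner.example.com": "10.0.0.5",
    "api.example.com.attacker.net": "5.6.7.8",
    "attacker.net": "5.6.7.8",
    "localhost": "127.0.0.1",
}


def resolve(host: str):
    """Return an ipaddress object for a literal IP or a name in the fake table."""
    try:
        return ipaddress.ip_address(host)  # already a literal address
    except ValueError:
        pass
    if host in FAKE_DNS:
        return ipaddress.ip_address(FAKE_DNS[host])
    raise LookupError(host)


def is_safe_vulnerable(url: str) -> bool:
    """Bug: a prefix test on the raw string. Defeated by userinfo ('@') and by
    appending the trusted name to an attacker-controlled domain."""
    return url.startswith("https://api.example.com")


def is_safe_hardened(url: str, resolver=resolve) -> bool:
    u = urlparse(url)
    if u.scheme not in ("http", "https"):
        return False  # no file:, gopher:, dict:, ...
    if u.username is not None or u.password is not None:
        return False  # https://api.example.com@attacker.net/
    if u.hostname not in ALLOWED_HOSTS:
        return False  # exact match on the parsed host, not on the string
    try:
        ip = resolver(u.hostname)
    except LookupError:
        return False
    # is_global is False for loopback, RFC 1918, link-local (cloud metadata
    # at 169.254.169.254), multicast and reserved ranges.
    return ip.is_global
```

Two caveats a hardened version still needs in production: resolve once and connect to that exact address (otherwise DNS rebinding can change the answer between check and use), and re-run the check on every redirect the fetch follows.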

4. File Inclusions & Upload Vulnerabilities

5. Subdomain Takeovers


Month 6-8: Hacking + Code Review + Specialization

1. Code Review for Vulnerabilities

  • Git repositories
  • Public code snippets
  • Common coding errors leading to vulnerabilities

2. Specialization (Select Topics based on Interest)

  • Mobile application security
  • IoT security
  • Cloud security (AWS, Azure, GCP)

Month 8-12: Advanced Hacking Techniques

1. Advanced Exploitation Techniques

  • Bypassing WAFs
  • Chaining vulnerabilities
  • Out-of-band data exfiltration

2. Networking and Infrastructure Hacking

  • Basics of network protocols
  • Network vulnerability scanning

3. Automation & Tools

  • Custom scripts for recon and vulnerability scanning
  • Tools: Nmap, Dirsearch, Amass, SQLmap, etc.

4. Responsible Disclosure & Reporting

  • How to write an impactful vulnerability report
  • Ethics and legal considerations

5. Hands-on Practice
