SANS SEC552: Bug Bounties and Responsible Disclosure (PDF-VID-LAB)

2,100.00

SANS SEC552 teaches students how to apply modern attack techniques, inspired by real-world bug bounty case studies. The course will teach pen testers how to discover and responsibly disclose tricky, logic-based application flaws that automated scanning tools do not reveal.

Pen testers and security researchers face the challenge of discovering and weaponizing complicated vulnerabilities in order to properly perform security assessments for applications. Modern applications are enriched with advanced and complex features that increase the attack surface. Every application has its own unique logic that requires the pen tester to deeply understand how the app functions before beginning a security assessment. Discovering and exploiting tricky security bugs in these assessments requires the art of mixing manual and automated techniques.

Bug bounty programs are put in place so that the security community can help vendors discover application security flaws that are difficult to discover and exploit. The scope of such programs includes security bugs for web apps, mobile apps, APIs, and more. Large IT companies, such as Google, Facebook, Twitter, and PayPal, have participated in such programs. Security researchers who follow the responsible disclosure policy of bug bounty programs are rewarded and acknowledged, since such programs improve and secure applications.

HOMEPAGE – https://www.sans.org/cyber-security-courses/bug-bounties-and-responsible-disclosure/

 

Original Price: $2,800
Our Price: $25

Description

Size: 14.6 GB

SEC552 is inspired from case studies found in various bug bounty programs, drawing on recent real-life examples of web and mobile app attacks. The experiences of different researchers yield ideas for pen testers and developers about unconventional attack techniques and mindsets. Each section of the course is influenced by bug bounty stories that are examined through the following structure:

  • Attack concept: The idea, concept, and root cause of the attack.
  • Test technique: How to test and discover the application security flaw manually and automatically.
  • Attack exercise: This lab uses tools such as Burp Professional to analyze the vulnerable applications.
  • Related bug bounty case study: Analysis of several bug bounty stories that are related to the attack.
  • Defense techniques: The best security practices to defend from the attack and mitigate the application security flaws.

Who Should Attend SEC552?

  • Penetration testers: The course will enrich the skills of pen testers through real-life stories and practical labs covering the most popular web and mobile app attacks.
  • Software developers and architects: The course will help developers link attack and defense techniques while discovering security bugs in the source code before making the app public.
  • Security engineers: The course will help attendees who are managing a bug bounty program or planning to implement one by enabling them to practice the techniques used by security researchers to report security bugs, and to verify if the bugs are valid or false positives.
  • Network/system engineers: The course will help attendees fill the gap of application security and get started in the field.

 

Related products

  • Security , Shop

    eLearnSecurity – Web Application Penetration Testing eXtreme v2

    Course at a glance

    • The most advanced course on Web App Pentesting
    • Based on techniques professional pentesters use
    • Master advanced Web Application attacks & security tools
    • In-depth Web Application Vulnerabilities analysis
    • Covers XSS, SQL Injection, HTML5 and much more
    • In-depth obfuscation and encoding techniques
    • Bypassing filters and WAF techniques included
    • Explore HTML5 and XML attacks vectors and exploits
    • Explore advanced …

    570.00

  • Security , Shop

    eLearnSecurity – Practical Web Defense

    Course at a glance

    • Close the gap between Web application attack and defense
    • Mitigation advices for multiple platforms and languages
    • The most comprehensive and practical coverage of the OWASP Testing Guide
    • Comprehensively aligned to OWASP methodologies, tools and tests
    • Covers and goes beyond OWASP TOP 10
    • Detailed techniques and methodology to simplify defense of web applications
    • No boring theory: practice oriented curriculum

    575.00

  • Security , Shop

    Antivirus Evasion Course By DedSec (In Hindi)

    Course Topic

    1. Introduction of AVS Crypters & Virus
    2. Bypass AVS Runtime using Based64 Technique
    3. Signature Cloning Bypassing Runtime
    4. Bypass Windows Defender For Lifetime
    5. Make your Stub Clean
    6. Manually Encrypting Virus using Algorithm
    7. Using Different Algorithm For Cleaning Virus
    8. Making FUD Virus Using C# And HEX
    9. Code Your Own Crypter
    10. Android Botnet

     

    HOMEPAGE – https://www.dedseec.com/product/antivirus-evasion-professional-course/

     

    Original Price: 2000
    Our Price: 370

    370.00

  • Security , Shop

    eLearnSecurity – Web Application Penetration Testing v3

    Course at a glance

    • Start from the very basics, all the way to advanced post-exploitation activities
    • Wide coverage of OWASP’s TOP 10
    • Master Burp Suite
    • In-depth Web application analysis, information gathering and enumeration
    • XSS & SQL Injection
    • Session related vulnerabilities
    • LFI/RFI
    • HTML5 attacks
    • Pentesting Content Management Systems (CMS)
    • Pentesting NoSQL databases and NoSQL-related APIs / NoSQL injections
    • Start from Web …

    512.00