<div style="margin:20px 0 0 200px"> To view the site, enable JavaScript by changing your browser options, then <a href="">Try Again</a>.</div>

Bug Bounty Hunting - Offensive Approach to Hunt Bugs. This course will cover most of the vulnerabilities of OWASP TOP 10 & Web Application Penetration Testing. You will start as a beginner with no hands-on experience on bug bounty hunting and Penetration testing, after this course you will emerge as stealth Bug Bounty Hunter.

Course Rating

View All Reviews »

Students Enrolled and Counting…

Full List of Alumni »

Why learn Bug Bounty Hunting?

Bug Bounty
Bug Bounty Hunting

Course Syllabus »

Hall of Fame
Rewards & Appreciation

Cyber Security

Web Application Penetration Testing



40 hours - 2 classes per week



Anyone who wants to take part in too big bounty sites and earn money

Course Fees

Course Fees

Class Room Training

Inclusive of all taxes

Online Training

Inclusive of all taxes

What You Will Get?

40 Hours
of in depth training by the best bug bounty hunter

Study Materials

Bug Bounty Hunting
Certificate of Completion after examination and alumni status

Course Details

  1. The duration of the course is 40 hours at 2 classes per week
  2. The course fee is Rs.30,000/- for classroom and Rs.40,000/- Rs.30,000/- for online
  3. The curriculum is taught combining theory and practical
Module 1: 2 Hours - 3 Topics
  • Introduction (Day 1)
  • Introduction Burpsuit (Day 1)
  • Information Gathering (Day 1)
  • XSS (Day 2)
  • Blind XSS (Day 2)
  • Host header Injection (Day 3)
  • Data Tampering (Day 3)
  • Vulnerability Related to SPF (Day 4)
  • HTML Injection (Day 4)
  • File Inclusion (Day 5)
  • Forced Browsing (Day 5)
  • Server Side Request Forgery (SSRF) (Day 6)
  • Source Code Disclosure Vunerability (Day 7)
  • SQL Injection (Day 8)
  • Advance SQL Injection (Day 8)
  • Advance SQL Injection (Day 9)
  • Cross Site Request Forgery (CSRF) (Day 10)
  • XML External (Day 11)
  • Rate Limiting Attack (Day 11)
  • Long Password Dos attack (Day 12)
  • Buffer overflow (Day 12)
  • IDOR (Day 13)
  • Account Takeover (Day 13)
  • CMS Vulnerability (Day 14)
  • Drupal (Day 14)
  • Information Disclosure (Day 15)
  • Cryptographic related vulnerability (Day 15)
  • Command Injection (Day 16)
  • Different types of RCE (Remote Code Execution) (Day 16)
  • Web cache deception (Day 17)
  • SSTI (Server-Side Template Injection) (Day 18)
  • DNS Zone transfer (Day 19)
  • Session Puzzling (Day 19)
  • HSTS (HTTP Strict Transport Security) (Day 20)
  • GraphSQL (Day 20)

Hacking Tutorials

Read All Tutorials »
Building a career in Digital Forensic - How promising is the future? A thorough career guide
Building a career in Digital Forensic - How promising is the future? A thorough career guide
Read Details »

Hacking Videos

Explore All Videos »
How to Hiding Your Secret File using Steganography?
View On Youtube »

Related Course

Enroll Now »

Enroll Now

Fields marked with * are mandatory.

Know Your Faculty
Mr. Sandeep Sengupta
Mr. Sandeep Sengupta
CISA, Certified Ethical Hacker, ISO 27001:2013 Lead Auditor, Lead Privacy auditor, GDPR Implementer

21 years of experience working in India, New Zealand & Singapore; in Information Security domain as Ethical Hacker, ISO 27001 Lead Auditor / Tutor, BS 10012 Privacy Lead Auditor, Mr. Sandeep Sengupta has conducted security audit in companies like ONGC, KPMG, PWC, Airtel, Vodafone, Accenture, Capgemini, Vedanta, PayU, Bandhan Bank, ABP, etc.

He has been invited as a speaker at FICCI, VIT (Vellore), Nasscom, CII, BCCI, ICAI, ISACA, FICCI, CeBIT, US High Commission (Kolkata), etc. He has taken part in several Television shows on ABP, ETV, NDTV, AajTak, Times Now, etc. In 2005, Sandeep founded the online community "Hackers Library"; which had 80,000+ members, making it the largest Indian online forum for cyber-security professionals at its time. Mr. Sengupta is the committee member at Nasscom (East) & CII ICT-East.

Mr. Kirit Sankar Gupta
Mr. Kirit Sankar Gupta
B. Tech (IT), OSCP, CEH 10.0, CHFI 9.0, ISO Certified Lead Security Incident Manager (ISO/IEC 27035), ISO Certified Lead Forensic Examiner (CLFE), CCNA, CCNP

A Penetration Tester with 6 years of experience, Kirit has the expertise in Mobile Application Pentesting Network, IoT Penetration Testing, Source-code review, Fuzzing, Red teaming, Social Engineering, Digital Forensic and Incident Response, Dev(Sec)Ops, Malware Analysis as well as SOC analysis. He has been acknowledged for reporting critical vulnerabilities to Uber, Apple, Flipkart, and MIT. Mr. Kirit Sankar Gupta is the member of Data Security Council of India (Kolkata).

Mr. Saumitra Biswas
Mr. Saumitra Biswas
M Tech - Computer Science, MSc (Statistics), GATE qualified

Mr. Saumitra Biswas is M.Tech in computer science from Netaji Subhash Engineering College, GATE qualified in computer science and a MSC in statistics from Kalyani University. He has 20 years of experience. His technical interests include Machine Learning, Neural Networks, Genetic Algorithms and Object Oriented Programming. He is skilled in C, C++, C#, Dotnet, Java, Python, Matlab, Unix, MS Windows XP, Windows 7, My SQL, Oracle, MS Access, HTML, XML, CSS and PHP. He take classes on AI & ML in ISOAH, as well as act as mentors to interns & project trainees.

Ms. Amrita Acharya
Ms. Amrita Acharya
M Tech in CSE, ISO 27001 Lead Auditor (IRCA/BSI)

After completion of her Master degree, she has worked with ISOAH as an intern for few years before joining full time as security analyst. She has been involved in internal audit, policy design, ISMS consultancy for more than 2 years. She is well versed in Kali Linux, Nmap, Metasploit, ITGC, ISO 27001 & COBIT framework. ISOAH clients she has provided active consultancy are CESC, Diadem, Lexplosion, Diamond Beverages, etc. As part of her hobby, she has been a professional model in her free time.


Ratings & Reviews

Bug Bounty Hunting

Course Rating
Based On
100 Students Rating

Date: 28.01.2020
Course: Bug Bounty Hunting

The course is great in terms of practical knowledge it provides to actually hunt bugs on live websites, never heard those techniques before, very beneficial course for those who are stepping into the field of bug hunting. Nice course that covers all the basic aspects of web application penetration testing and the most common techniques for Bug Bounty Programs.



What is the course content?
  • History of Bug bounties
  • Difference between Penetration Test and Bug Bounties
  • How a Pentester turns into a bug bounty hunter?
  • Platforms, ways to participate
  • Bug Hunter Methodology Android
  • Bug Hunter Methodology Web
    • The tricks and tips
    • Practicals of approaching a target
    • Creating the best possible of the scope
    • Where to look and what to look for
    • XSS, CSRF, SQLi, IDOR…
    • How much important is the report?
    • Best tools to use
  • Bug Hunter Methodology IOS
  • Let's do it right now…
  • Legal issues and being safe
  • Best of the submissions - Hackerone
  • How to Learn and improvise
What is the course Duration?

The duration of the course is 40 hours at 2 classes per week.

What is the course Methodology?

The course is administered in theory as well as practical.

What is the course Prerequisites?

Anyone who wants to take part in too big bounty sites and earn money.

Member of:

Data Security Council of India