It is a great moment for all hackers around: Hack The Box and HackerOne are teaming up to provide a new, innovative Bug Bounty Hunter education!
We take bug bounty education seriously as it is one of the ways in which we create a better and safer cyber world while providing a stable source of income to hackers all around the globe. Over the last year, the payout for a critical vulnerability increased to $3,650 and the average amount paid per vulnerability is $979. This is for sure a great time to become a hunter: find vulnerabilities, report them, get a reward!
As two communities that gather hundreds of thousands of cybersecurity enthusiasts and enable people to make their passion an actual occupation, we have now decided to work together, utilizing HTB’s education expertise and HackerOne’s bug bounty platform to provide the best-in-class bug bounty learning path that seamlessly connects graduates to real-world bug bounty opportunities.
The intention is to combine Hack The Box training with the HackerOne treasure map by creating an exciting HTB Academy job-role path focusing on bug bounty methodologies and web application hacking.
About The Path
First announced during HackerOne’s HacktivityCon 2021, the Bug Bounty Hunter job-role path is designed for individuals who want to enter this world with little to no prior experience. The path covers core web application security assessment and bug bounty hunting concepts and provides a deep understanding of the attack tactics used during bug bounty hunting. Armed with the necessary theoretical background, multiple practical exercises, and a proven bug bounty hunting methodology, students will go through all bug bounty hunting stages, from reconnaissance and bug identification to exploitation, documentation, and communication to vendors/programs.
The entire job-role path consists of 20 different modules in scalable difficulty and logical order to enable a great learning experience: each module is accompanied by practical lab exercises and skills assessment exercises.
All the modules are entirely created by the HTB Academy team, led by the Training Director Dimitrios Bougioukas and the Head of Training Development Ben Rollin (aka mrb3n), with the outstanding support of subject matter experts such as Zeyad AlMadani, Shaksam Jaiswal, Miroslav Stampar, Sandro Zaccarini, and Valentin Dobrykov.
Web Applications Fundamentals
- Web Requests
- Introduction to Web Applications
- Using Web Proxies
- Information Gathering
- Attacking Web Applications with Ffuf
Input Validation Security Testing
- Cross-Site Scripting (XSS)
- SQL Injection Fundamentals
- SQLMap Essentials
- Command Injection
Authentication, Authorization & Session Security Testing
- Login Brute Forcing
- Broken Authentication
- Other Web Attacks
- File Inclusion / Directory Traversal
Common Web & Internal Application Testing
Bug Bounty Hunting
- Bug Bounty Hunting Methodology
- File Upload Attacks
- Session Security
- Web Attacks
- Server-Side Attacks
Upon completing the job-role path, students will have become proficient in the most common bug bounty hunting and attack techniques against web applications and will be in a position to report bugs professionally and start earning income from it.
Your progress will also be shown on both platforms. Bug bounty graduates will receive an exclusive custom badge on their HackerOne profiles too!
We are very excited to provide such content to both communities and anyone else willing to learn more about bug bounty out there. It is a unique opportunity to access high-quality education content powered by two great teams, Hack The Box and HackerOne, while gaining access to the first-ever bug bounty certification in the market.
Oh, wait… Did we say certification? Well, yes!
Users completing the Bug Bounty Hunter job-role path will be able to purchase a voucher for the upcoming “HTB Certified Bug Bounty Hunter” exam (valid for two attempts).
Are you ready to hunt them all? Let’s put your skills on paper!
Hack The Box Team