Bug Hunting Bootcamp

Addressing the Cybersecurity Skill Gap in Africa and Beyond.

Bug Hunting Bootcamp

A 6-Hour Instructor-Led Hands-on Training

Do you wish to gain first-hand knowledge of Bug Hunting? Don't sleep on it, we've got you covered. Bug Hunting Bootcamp will give you a hands-on taste of what it's like to perform security research, find bugs and vulnerabilities in web applications and critical systems, documentation and expert reporting. Learn the practical essentials of bug hunting to begin your journey as a security researcher.

BH Bootcamp is designed to equip beginners and professional individuals with the practical skills required to find bugs and vulnerabilities in web applications and critical systems.

Register

Yes, you can learn practical digital security skills

The BH Bootcamp will give you the needed skills to perform security research, and find bugs and vulnerabilities in web applications and critical systems.

Learn How to Use a Proxy

The bootcamp will leverage various open-source proxy tools to perform recon by examining and analyzing the traffic going to and from a server and examining interesting requests to look for potential vulnerabilities.

Learn Analytical Skill

Analytical skills are one of the most important skills that a digital security professional must have. You will gain skills to analyze problems and identify solutions.

Learn Documentation and Expert Reporting

At BH Bootcamp, you will learn effective documentation of findings and how to effectively communicate your expertise and recommendations through expert report writing.

Bug Hunting Bootcamp

Where is it?

Virtual

When is it?

21st-22nd Of Jan 2023

5pm WAT (GMT +01:00) Daily

FREQUENTLY ASKED QUESTIONS [FAQ]

How do i get into bug bounty

A bug bounty program is a program offered by companies and organizations that rewards individuals for finding and reporting security vulnerabilities in their software or systems. These programs are designed to encourage ethical hackers, also known as "white hat" hackers, to identify and report security issues so that they can be fixed before they can be exploited by malicious actors.


If you're interested in getting into bug bounty hunting, here are a few steps you can take:

  • - Learn about web application security: A good starting point is to learn the basics of web application security and how web applications work. This will give you a solid foundation for understanding the types of vulnerabilities that you may encounter when hunting for bugs.
  • - Learn about web application security: A good starting point is to learn the basics of web application security and how web applications work. This will give you a solid foundation for understanding the types of vulnerabilities that you may encounter when hunting for bugs.
  • - Practice your skills: There are many resources available online that can help you practice your hacking skills, such as vulnerable web applications and capture-the-flag (CTF) challenges. These resources can help you learn about different types of vulnerabilities and how to exploit them.
  • - Join a community: Joining a community of like-minded individuals, such as a bug bounty hunting group or forum, can be a great way to learn from others and stay up-to-date on the latest techniques and tools.
  • - Start small: Begin by testing on small scope and small size applications, and as you build your confidence and skills, increase the scope and size of the applications you test.
  • - Learn to write a good report: Writing a good report is important because it will be used to communicate your findings to the company or organization that runs the bug bounty program. Make sure to include details such as the steps you took to find the vulnerability, how it can be exploited, and any recommendations for how to fix it.

It's important to note that it takes a lot of dedication and practice to become a skilled bug hunter, but with time and effort, it can be a rewarding and lucrative field.

Tools needed in bug bounty

There are a variety of tools that can be useful for bug bounty hunting, depending on the type of testing you're doing and the types of vulnerabilities you're looking for. Here are a few examples of common tools used in bug bounty hunting:


  • - Web browsers: Web browsers such as Google Chrome, Mozilla Firefox, and Microsoft Edge can be used to manually test web applications and identify vulnerabilities.
  • - Burp Suite: Burp Suite is a popular tool that can be used for web application security testing. It includes features such as a web proxy, a web spider, and a web application scanner.
  • - OWASP ZAP: The OWASP ZAP (Zed Attack Proxy) is a free and open-source web application security scanner. It can be used to find vulnerabilities in web applications.
  • - Nmap: Nmap (Network Mapper) is a free and open-source tool that can be used for network exploration and management. It can be used to identify open ports and services on a target system.
  • - sqlmap: Sqlmap is an open-source tool that automates the process of detecting and exploiting SQL injection vulnerabilities.
  • - Metasploit: Metasploit is a powerful framework for developing and executing exploit code. It can be used to test the security of systems and networks by simulating attacks.
  • - Git, Version control system: Keeping track of all your recon and findings, version control system like git can be helpful.

These are just a few examples of the many tools that are available for bug bounty hunting. It's important to note that learning to use these tools is only the first step, the real key is understanding how to apply them effectively and learning how to interpret the results they give you.

Is there a certification awarded after training?

Yes certificate at the end of the bootcamp will be awarded to participants that complete the training.

The necessary skills to become a bug hunter and a cyber security specialist?

Willingness to learn, IT fundamental background, Networking Background, ability to think in the box and outside.

Will the tool to work with be provided?

Yes the trainer will provide the tools needed for you to function and carry out your tasks. Kali Linux will be your best friend here.

Is there going to be access to the replay?

Yes there will be recordings, but why wait until then to understand the concept or join us.

What is Bug Bounty?

A bug bounty program is a program offered by companies and organizations that rewards individuals for finding and reporting security vulnerabilities in their software or systems. The idea behind these programs is that by offering financial incentives, also known as bounties, to ethical hackers, or "white hat" hackers, organizations can identify and fix security issues before they can be exploited by malicious actors.


Participants in bug bounty programs, known as "bounty hunters" or "researchers," typically use their own tools and techniques to test an organization's software or systems for vulnerabilities. When a researcher finds a security issue, they report it to the organization through a designated channel, such as an online form or email address. The organization then triages the report and if the issue is confirmed, it will be fixed and the researcher will be rewarded with a bounty.


Bug bounty programs can be run by companies of all sizes, from small startups to large multinational corporations. They can also be run on a variety of platforms, including web applications, mobile apps, and even hardware devices. The scope of a bug bounty program can vary as well, with some programs focusing on specific products or services, while others cover an entire organization's assets.


Bug bounty programs can be run by companies of all sizes, from small startups to large multinational corporations. They can also be run on a variety of platforms, including web applications, mobile apps, and even hardware devices. The scope of a bug bounty program can vary as well, with some programs focusing on specific products or services, while others cover an entire organization's assets.

Platforms that offer Bounties for Bug

There are a number of platforms that offer bug bounty programs, both for organizations looking to run a program and for researchers looking to participate in one. Here are a few examples:


  • - HackerOne: HackerOne is one of the most popular bug bounty platforms and is used by a wide range of organizations, from small startups to large enterprises. It offers a variety of features such as program management, vulnerability triage, and researcher payments.
  • - Bugcrowd: Bugcrowd is another popular bug bounty platform that connects organizations with a global community of security researchers. It offers a range of services, including program management, vulnerability triage, and researcher payments.
  • - Synack: Synack offers a unique approach to bug bounty program, it combines a global community of security researchers with its own team of experts, known as "Red Team."
  • - Cobalt: Cobalt is a platform that helps organizations run private bug bounty programs. It includes features such as program management, vulnerability triage, and researcher payments
  • - OpenBugBounty: OpenBugBounty is a free and open-source platform that helps organizations run public bug bounty programs.
  • - Gitcoin: Gitcoin is a platform that allows open-source projects to run their own bug bounties using cryptocurrency.

These are just a few examples of the many platforms that are available for organizations to run and for researchers to participate in bug bounty programs. Some other platforms include: BugBountyHQ, YesWeHack, and Synack Red Team.

It's worth noting that some companies also run their own in-house bug bounty programs and don't use any of these platforms.

What's the duration of the training for each day?

It will be a 3 hours per day