Web Application Security and Bug Bounties in 2020 | Joe McCray Mentorship

Hey, what’s up InfoSecAddicts! Another morning in D.C. Anyway guys, figured I’d catch up with you guys with another Mentor Moment. What I wanted to give you guys some advice to try today is a tool called Burp Suite. Burp Suite is a web app testing tool. A lot of people are really… I don’t want to say it’s the most popular web app testing tool, but it’s definitely up there. I definitely think you ought to play with Burp Suite, but I have to give you a way to try to use Burp Suite. So, there’s that same guy that I like his videos, his name is @thenewboston. It looks like he took the video series down, but there’s someone else who’s hosting it on YouTube. He’s got a Burp Suite tutorial series, okay? So, here’s the link to it, right here, and in that Burp Suite tutorial series he walks you through testing something called bWAPP, a web app training platform that teaches you web app testing.

What I really think would be good for you to do, to get some fundamentals of how to use Burp Suite, how to use Intruder, and how to use all the different components in Burp Suite: the interface is going to look a little bit different, because it’s a little old, and now Burp Suite has a new look to it, but you should still be able to get through the bulk of the exercises. I really think you want to do all of those things in that Burp Suite tutorial, get a little comfortable with the interface and how it looks and how it works and all that kind of stuff. Then I can start pointing you guys towards doing some more web app testing and some more advanced type things, definitely, like how to play with my Web Services, and things like that. That’s where the real value in testing is going to be.

If you’re beyond that, if you’re already comfortable with Burp Suite, there’s a guy on the internet, his name is Jason Haddix. Jason has come up with something called The Bug Hunters Methodology, so he’s got a process that he uses when he’s going after bug bounties. He works for a company called Bugcrowd. I definitely think if you’re beyond that, and you’re beyond like how to use Burp Suite to do basic testing, then what you want to do is go through Jason’s video. Jason did a really good video where he walks through the whole process of how he tests for bug bounties. He spoke at DEF CON on it, did pretty good. Here’s another video that goes a little bit more in-depth on the process of doing bug bounties with Burp Suite, all the different things that you should be testing for and trying. I think you’ll get a lot of value out of that.

For our Mentor Moment for today, again: start with the basics of Burp Suite, right? Here’s the video series for that. Here we go again: definitely check out Jason Haddix’s DEF CON talk, right? Here’s that. And then we’ve got a couple of other videos that are related to bug bounties, the methodology, and that’s these right here, OK? OK, thanks for hanging out for our Mentor Moment, and I’ll see you in the next one. You guys take care! And I just loved the sun… excuse me, sunset, sunrise… OK, there’s that morning traffic… But, gotta love how that sunrise looks, ah? It’s not freaking gorgeous?

5 thoughts on “Web Application Security and Bug Bounties in 2020 | Joe McCray Mentorship”

  • 🔗LINKS🔗

    ☑️Burp Suite for Web Application | Bwapp | Security by Bucky

    🔗 http://bit.ly/2RcfEKL

    ☑️DEF CON 23 – Jason Haddix

    🔗 http://bit.ly/37SD9yy

    ☑️Bug Bounty Hunting Methodology v2 – Jason Haddix from Bugcrowd's

    🔗 http://bit.ly/2Pg74IH

    ☑️Using BurpSuite's Intruder to find bugs and solve Bug Bounty Notes & Hacker101 CTFs

    🔗 http://bit.ly/2P1zGoO

    ☑️Special thanks to:

    🔗Burp Suite – Cybersecurity Software from PortSwigger




  • The Burp Suite tutorial (hosted by someone else on YouTube) is incomplete. The New Boston charges $69 for a course. Any other resources to use for Burp Suite?

  • Can you help, please? I couldn't sign up; it is showing an error while trying to log in to get my image, and accepting the terms is not showing as well.
