Web Reconnaissance & OSINT (15%): Subdomain enumeration, JS analysis, Google dorking, certificate transparency, Wayback Machine
HTTP Fundamentals (10%): HTTP/2 protocol, headers, cookies, authentication mechanisms, proxy configuration
Injection Attacks (20%): SQLi (all types), XSS (reflected/stored/DOM), command injection, SSTI, NoSQL injection
Authentication Attacks (15%): Brute force, session attacks, JWT exploitation, OAuth misconfigs, password reset flaws
Modern Web Vulnerabilities (20%): SSRF, XXE, IDOR, CORS misconfigs, race conditions, HTTP smuggling, cache poisoning
API Security Testing (10%): REST/GraphQL testing, broken object-level auth, excessive data exposure, mass assignment
Bug Bounty Methodology (10%): Scope analysis, report writing, CVSS, triage process, responsible disclosure