CBBH
HackTheBox

HTB Certified Bug Bounty Hunter

Intermediate | Multi-day practical web bug-bounty style exam + report | Pass: Report/objective quality based; exact threshold n… | $210

CBBH is a practical bug-bounty oriented credential centered on modern web/API attack techniques and reproducible findings. For 2026, focus on authz logic, chaining medium-severity issues, and crisp PoCs.

Issuer: HackTheBox
Format: Multi-day practical web bug-bounty style exam + report
Duration: Up to 7 days (indicative)
Pass Score: Report/objective quality based; exact threshold n…
Full Syllabus
Web Recon & Attack Surface Mapping 20%
Content discovery, auth flow mapping, API and role-model understanding.
Input Validation & Injection 25%
SQLi, command/template injection, deserialization and related data-flow flaws.
Authentication, Session & Access Control 25%
Broken auth, session handling, IDOR/BOLA, privilege boundary failures.
Business Logic & Modern Web Risks 15%
Race conditions, abuse paths, workflow manipulation, OAuth/JWT pitfalls.
Reporting & Patch Verification 15%
Clear PoC chains, risk contextualization, mitigation and validation guidance.