The Complete Guide to Bug Bounty Hunting you own this product

'); $(document.body).append('
loading reading lists ...
'); function adjustReadingListIcon(isInReadingList){ $readingListToggle.toggleClass("fa-plus", !isInReadingList); $readingListToggle.toggleClass("fa-check", isInReadingList); var tooltipMessage = isInReadingList ? "edit in reading lists" : "add to reading list"; $readingListToggle.attr("title", tooltipMessage); $readingListToggle.attr("data-original-title", tooltipMessage); } $.ajax({ url: "/readingList/isInReadingList", data: { productId: 3188 } }).done(function (data) { adjustReadingListIcon(data && data.hasProductInReadingList); }).catch(function(e){ console.log(e); adjustReadingListIcon(false); }); $readingListToggle.on("click", function(){ if(codePromise == null){ showToast() } loadCode().then(function(store){ store.requestReadingListSpecificationForProduct({ id: window.readingListsServerVars.externalId, manningId: window.readingListsServerVars.productId, title: window.readingListsServerVars.title }); ReadingLists.ReactDOM.render( ReadingLists.React.createElement(ReadingLists.ManningOnlineReadingListModal, { store: store, }), document.getElementById("reading-lists-modal") ); }).catch(function(e){ console.log("Error loading code reading list code"); }); }); var codePromise var readingListStore function loadCode(){ if(codePromise) { return codePromise } return codePromise = new Promise(function (resolve, reject){ $.getScript(window.readingListsServerVars.libraryLocation).done(function(){ hideToast() readingListStore = new ReadingLists.ReadingListStore( new ReadingLists.ReadingListProvider( new ReadingLists.ReadingListWebProvider( ReadingLists.SourceApp.marketplace, getDeploymentType() ) ) ); readingListStore.onReadingListChange(handleChange); readingListStore.onReadingListModalChange(handleChange); resolve(readingListStore); }).catch(function(){ hideToast(); console.log("Error downloading reading lists source"); $readingListToggle.css("display", "none"); reject(); }); }); } function handleChange(){ if(readingListStore != null) { adjustReadingListIcon(readingListStore.isInAtLeastOneReadingList({ id: window.readingListsServerVars.externalId, manningId: window.readingListsServerVars.productId })); } } var $readingListToast = $("#reading-list-toast"); function showToast(){ $readingListToast.css("display", "flex"); setTimeout(function(){ $readingListToast.addClass("shown"); }, 16); } function hideToast(){ $readingListToast.removeClass("shown"); setTimeout(function(){ $readingListToast.css("display", "none"); }, 150); } function getDeploymentType(){ switch(window.readingListsServerVars.deploymentType){ case "development": case "test": return; case "qa": return; case "production": return; case "docker": return ReadingLists.DeploymentType.docker; default: console.error("Unknown deployment environment, defaulting to production"); return; } } }); } });
Essentials of ethical hacking and penetration testing for bug bounties

pro $24.99 per month

  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose one free eBook per month to keep
  • exclusive 50% discount on all purchases

lite $19.99 per month

  • access to all Manning books, including MEAPs!


5, 10 or 20 seats+ for your team - learn more

Look inside

Learn the essential tools and techniques for hunting and exploiting vulnerabilities in web and Android applications. Equip yourself with the knowledge and skills to find and responsibly disclose vulnerabilities to companies, gaining rewards through existing bug bounty programs. Master the best practices of ethical hacking to detect bugs and improve security.

This comprehensive, seven-hour course covers three key areas:

Fundamentals of OWASP Top 10 Vulnerabilities

We start the course with a look at the most common vulnerabilities currently present in web applications. The OWASP Top Ten, from the Open Web Application Security Project, helps bug bounty hunters to know what to look for in penetration tests. We break down these vulnerabilities and demonstrate what to look for in order to detect them.

Kali Linux and Web Application Hacking

Web applications are currently some of the most common targets for bug bounties, so we’ll see how to create meaningful attacks against them. We’ll use Kali Linux tools, which are popular with both attackers and the defenders trying to secure web apps against those attacks. We’ll work with Nmap, SQLmap, Commix, Wfuzz, Metasploit, and many other tools to gather information about targets and launch attacks to expose their vulnerabilities.

Foundations of Hacking and Penetration Testing Android Apps

Most companies now have apps that are included in bug bounty programs. Learning how to scan and exploit these apps can often be a lucrative way to gain bounties. Given the new focus on application development, apps make a great target for bug bounties.

Distributed by Manning Publications

This course was created independently by Scott Cosentino and is distributed by Manning through our exclusive liveVideo platform.


Basic knowledge of Linux and programming

about the instructor

Scott Cosentino is a developer and teacher who works primarily in software development and computer security. He is passionate about teaching and has inspired students in large classes, one-on-one, and online video courses. He believes mathematics and computer science can be approachable and fun, and tailors his courses to be easy to comprehend, with exploration of the what, why, and how of every topic. Because computer science and programming topics are not spectator sports, he provides many examples and practice problems for students to learn and practice.

what's a liveVideo?
Find out more

choose your plan


only $33.33 per month
  • five seats for your team
  • access to all Manning books, MEAPs, liveVideos, liveProjects, and audiobooks!
  • choose another free product every time you renew
  • choose twelve free products per year
  • exclusive 50% discount on all purchases
  • The Complete Guide to Bug Bounty Hunting liveVideo for free