Certified Bug Bounty Hunter (HTB CBBH)
HTB Certified Bug Bounty Hunter (HTB CBBH) is a highly hands-on certification that assesses the candidates’ bug bounty hunting and web application pentesting skills. HTB Certified Bug Bounty Hunter certification holders will possess technical competency in the bug bounty hunting and web application penetration testing domains at an intermediate level.
Training at a glance
Level
Intermediate
Duration
eLearning
Experience
1 year: Penetration Tester
Average Salary
$44,873
Labs
Yes
Level
Intermediate
Duration
eLearning
Experience
1 year: Penetration Tester
Average Salary
$44,873
Labs
Yes
Training Details
This On-Demand product includes HTB Academy and Dedicated Labs.
The HTB Academy allows learners to navigate through Modules, that provide a more guided experience. Modules are broken into parts that include explanations, examples, and assessments.
With the HTB dedicated labs learners utilize virtualized machines that simulate a black-box pentesting experience. Challenges in Dedicated Labs are available in three difficulty levels: easy, medium, and hard. More difficult challenges are worth more points. Dedicated Labs are designed to work like the networks, endpoints, and servers that businesses use, so users can try advanced cyber exploitation techniques.
HTB Certified Bug Bounty Hunter (HTB CBBH) is a highly hands-on certification that assesses the candidates’ bug bounty hunting and web application pentesting skills. HTB Certified Bug Bounty Hunter certification holders will possess technical competency in the bug bounty hunting and web application penetration testing domains at an intermediate level. They will be able to spot security issues and identify avenues of exploitation that may not be immediately apparent from searching for CVEs or known exploit PoCs. They can also think outside the box, chain multiple vulnerabilities to showcase maximum impact, and actionably help developers remediate vulnerabilities through commercial-grade bug reports.
Key Differentiators
Continuous Evaluation - To be eligible to start the examination process, one must have completed all modules of the "Bug Bounty Hunter" job-role path 100% first. Each module in the path comes with its own hands-on skills assessment at the end that students must complete to prove their understanding of the presented topics. The answers to the skills assessment exercises are not provided. Evaluation takes place throughout the journey, not only during the examination!
Hands-on & Real-world Exam Environment - HTB Certified Bug Bounty Hunter (HTB CBBH) candidates will be required to perform actual bug hunting activities against multiple real-world applications. HTB certifications are not based on and do not include multiple-choice questions!
Outside-the-box Thinking & Vulnerability Chaining - HTB Certified Bug Bounty Hunter (HTB CBBH) candidates will be required to think outside the box and chain multiple vulnerabilities to achieve the exam's objectives. Like in real-world engagements, creativity, and in-depth knowledge will be necessary for a successful outcome.
Commercial-grade Report Requirement - Successfully completing all bug bounty hunting activities is not enough to obtain the HTB Certified Bug Bounty Hunter (HTB CBBH) certification. Candidates will also be required to compose a commercial-grade report as part of their evaluation. HTB Certified Bug Bounty Hunter candidates will have to prove they are market-ready and client-centric professionals.
Seamless Experience Powered By Pwnbox - The entire exam and certification process can be conducted through the candidates’ browser, from start to finish. All bug bounty hunting activities can be performed via the provided and in-browser Pwnbox. There are no infrastructural or tool requirements.
Modules
- Web Requests
- Introduction to Web Applications
- Using Web Proxies
- Information Gathering – Web Edition
- Attacking Web Applications with Ffuf
- JavaScript Deobfuscation
- Cross-Site Scripting (XSS)
- SQL Injection Fundamentals
- Command Injections
- File Upload Attacks
- Login Brute Forcing
- Broken Authentication
- Web Attacks
- File Inclusion
- Session Security
- Web Service & API Attacks
- Hacking WordPress
- Bug Bounty Hunting Process
Knowledge Domains
- Bug Bounty Hunting processes and methodologies
- Web application/web service static and dynamic analysis
- Information gathering techniques
- Web application, web service and API vulnerability identification and analysis
- Manual and automated exploitation of various vulnerability classes
- Vulnerability communication and reporting
- Entry level Bug Bounty Hunters
- Junior Web Application Penetration Testers
- Web Developers
The Exam
The candidate will have to perform bug bounty hunting activities against multiple real-world applications hosted in HTB’s infrastructure and accessible via VPN (using Pwnbox or their own local VM). Upon starting the examination process, a letter of engagement will be provided that will clearly state all engagement details, requirements, objectives, and scope. All a candidate needs to perform the required bug bounty hunting activities is a stable internet connection and VPN software. HTB Certified Bug Bounty Hunter certification is the most practical certification for Bug Bounty Hunters that focuses on both bug hunting and professionally communicating findings.
Upcoming Classes
We Offer More Than Just Hack The Box Training
Our successful training results keep our corporate and military clients returning. That’s because we provide everything you need to succeed. This is true for all of our courses.
Strategic Planning & Project Management
From Lean Six Sigma to Project Management Institute Project Management Professional, Agile and SCRUM, we offer the best-in-class strategic planning and project management training available. Work closely with our seasoned multi-decade project managers.
IT & Cybersecurity
ATA is the leading OffSec and Hack the Box US training provider, and a CompTIA and EC-Council award-winning training partner. We offer the best offensive and defensive cyber training to keep your team ahead of the technology skills curve.
Leadership & Management
Let us teach your team the high-level traits and micro-level tools & strategies of effective 21st-century leadership. Empower your team to play to each others’ strengths, inspire others and build a culture that values communication, authenticity, and community.