{"podcast":{"title":"David Bombal","slug":"david-bombal-5315180","podcast_index_feed_id":5315180,"rss_url":"https://feeds.soundcloud.com/users/soundcloud:users:599643036/sounds.rss","website_url":"https://www.instagram/davidbombal","image_url":"https://i1.sndcdn.com/avatars-z7yUriryCu0jXWgt-G7UGeQ-original.jpg","author":"David Bombal","episode_count":500,"summary":"Want to learn about IT? Want to get ahead in your…","last_synced_at":"2026-06-17T00:20:36.982473+00:00","page_url":"https://stenobird.com/podcast/david-bombal-5315180"},"episode":{"title":"#558: Top 4 Web hacking demos for aspiring hackers (with labs and CTF)","slug":"558-top-4-web-hacking-demos-for-aspiring-hackers-with-labs-and-ctf","published_at":"2026-03-16T13:47:27+00:00","page_url":"https://stenobird.com/podcast/david-bombal-5315180/558-top-4-web-hacking-demos-for-aspiring-hackers-with-labs-and-ctf","show_page_url":"https://stenobird.com/podcast/david-bombal-5315180","url":"https://soundcloud.com/davidbombal/558-top-4-web-hacking-demos","audio_url":"https://feeds.soundcloud.com/stream/2284685441-davidbombal-558-top-4-web-hacking-demos.mp3","summary":"Big thanks to ‪@ThreatLocker‬ for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal Are you looking to get into bug bounty hunting but feel overwhelmed or worried the field is oversaturated? In this video, full-time bug bounty hunter Justin Gardner shares a realistic, actionable guide to web hacking for beginners. We dive straight into the practical side with five live demonstrations of common web vulnerabilities—all done using just your browser and DevTools. Justin explains how Insecure Direct Object Reference (IDOR), Broken Access Controls, Cross-Site Scripting (XSS), and Cross-Site Request Forgery (CSRF) work in the real world, including stories of finding these exact bugs on major platforms like Google. After the demos, we tackle the biggest questions new hackers have: Is there still money to be made in 2026? How has AI changed the landscape? And what is the exact roadmap to landing your first bounty? Justin breaks down his \"200-hour rule\" for learning, why you need to get comfortable with failing, and the best resources (like HackerOne and PortSwigger) to help you launch your cybersecurity career today. // Labs and more here: // Labs: https://ztw.ctbb.show/ More labs: https://labs.cai.do/ And more labs: https://portswigger.net/web-security // Justin Gardner’s SOCIAL // YouTube: / @criticalthinkingpodcast LinkedIn: / rhynorater X: https://x.com/Rhynorater GitHub: https://rhynorater.github.io/aboutme/ / David's SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: www.twitter.com/davidbombal Instagram: www.instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: www.facebook.com/davidbombal.co TikTok: tiktok.com/@davi…","meta_description":"Big thanks to ‪@ThreatLocker‬ for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use th…","key_points":[],"chapters":[],"topics":[],"duration_seconds":1512,"processing_state":"not_requested","actions":[{"name":"request_transcript","method":"POST","url":"https://stenobird.com/v1/public/podcasts/david-bombal-5315180/episodes/558-top-4-web-hacking-demos-for-aspiring-hackers-with-labs-and-ctf/transcription-requests","description":"Idempotently request low-priority transcript generation for this episode."},{"name":"read_markdown","method":"GET","url":"https://stenobird.com/podcast/david-bombal-5315180/558-top-4-web-hacking-demos-for-aspiring-hackers-with-labs-and-ctf.md","description":"Read the agent-friendly Markdown representation of this episode resource."}]}}