Hacker101 is a collection of videos that will teach you everything you need to operate as a bug bounty hunter. The material is available for free from HackerOne. Taught by HackerOne’s Cody Brocious, the Hacker101 material is located at this GitHub repository and the videos are available through YouTube.

Additionally, there are coursework levels where you can hunt for bugs and experiment with exploitation in practice.
As of today, there are 14 sessions in Hacker101, covering:

• Tools of the trade
• Cross-site scripting
• Cross-site request forgery
• SQL injection
• Fundamentals of the web and how they impact security
• Directory traversal
• Command injection
• Session fixation
• Clickjacking
• File inclusion
• File upload vulnerabilities
• Crypto fundamentals and how to break commonly seen crypto
• And much, much more