SQL injection has been at the top of the OWASP vulnerability listings for many years, the reason being that, if identified and exploited to the full extent, they produce catastrophic outcomes. We reviewed SQL injection as a vulnerability in detail; we looked at its types and sample attack scenarios. Then, we looked at some critical reports about SQL injection that were done by many bug bounty hunters. The goal of this chapter was to provide the reader with an overview about what SQL injection really is and how it can be used in the bug bounty hunting methodology. Initially, we analyzed an SQL injection in Uber, then we looked at an SQL injection in Grab Taxi, and others.
Bug Bounty Hunting Essentials
By :
Bug Bounty Hunting Essentials
By:
Overview of this book
Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers.
This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed.
This book will get you started with bug bounty hunting and its fundamentals.
Table of Contents (20 chapters)
Title Page
Copyright and Credits
About Packt
Contributors
Preface
Free Chapter
Basics of Bug Bounty Hunting
How to Write a Bug Bounty Report
SQL Injection Vulnerabilities
Cross-Site Request Forgery
Application Logic Vulnerabilities
Cross-Site Scripting Attacks
SQL Injection
Open Redirect Vulnerabilities
Sub-Domain Takeovers
XML External Entity Vulnerability
Template Injection
Top Bug Bounty Hunting Tools
Top Learning Resources
Other Books You May Enjoy
Index
Customer Reviews