Book Image

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Book Image

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.
Table of Contents (20 chapters)
Title Page
Copyright and Credits
About Packt
Contributors
Preface
Index

Salient features of a bug bounty report


Every bug bounty report is different in terms of its technical details but every report has some features and aspects that are common and generic, which provide extra insights on the vulnerability that was identified. The following are some pointers that you can take into account while writing bug bounty reports.

Clarity

The report should be clear and should not misguide the reader into thinking that the researcher is being pushy. The following is an example of a report that sounds unclear:

"I would like to report a very critical using which you can takeover user accounts and should be fixed ASAP."

However, a clear description may contain the following sentence:

"This report contains technical details about a vulnerability in the password reset function which can allow users to take over accounts."

Depth

The program owner who is reading your report knows about your vulnerability as much as you and your report describes it. The report should focus deeply on...