Book Image

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Book Image

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.

Related Content you might be interested in

Current Title:

Small book image
Bug Bounty Hunting Essentials
Carlos A. Lozano | Shahmeer Amir
Nov, 2018 | 270 pages
Small book image
Hands-On Application Penetration Testing with Burp Suite
Carlos A Lozano | Riyaz Ahemed Walikar | Dhruv Shah
Feb, 2019 | 366 pages
Small book image
Hands-On Bug Hunting for Penetration Testers
Joe Marshall
Sep, 2018 | 250 pages
Small book image
Kali Linux Web Penetration Testing Cookbook
Gilberto NajeraGutierrez
Aug, 2018 | 404 pages
Table of Contents (20 chapters)
Title Page
Title Page
Copyright and Credits
Copyright and Credits
About Packt
About Packt
Contributors
Contributors
Preface
Preface
Free Chapter
1
Basics of Bug Bounty Hunting
Basics of Bug Bounty Hunting
Bug bounty hunting platforms
Types of bug bounty program
Bug bounty hunter statistics
Bug bounty hunting methodology
How to become a bug bounty hunter
Rules of bug bounty hunting
Summary
2
How to Write a Bug Bounty Report
How to Write a Bug Bounty Report
Prerequisites of writing a bug bounty report
Salient features of a bug bounty report
Format of a bug bounty report
Responding to the queries of the team
Summary
3
SQL Injection Vulnerabilities
SQL Injection Vulnerabilities
SQL injection
Types of SQL injection vulnerability
Goals of an SQL injection attack for bug bounty hunters
Uber SQL injection
Grab taxi SQL Injection
Zomato SQL injection
LocalTapiola SQL injection
Summary
4
Cross-Site Request Forgery
Cross-Site Request Forgery
Protecting the cookies
Why does the CSRF exist?
Detecting and exploiting CSRF
XSS – CSRF's best friend
Cross-domain policies
CSRF in the wild
Summary
5
Application Logic Vulnerabilities
Application Logic Vulnerabilities
Origins
Following the flow
Application logic vulnerabilities in the wild
Summary
6
Cross-Site Scripting Attacks
Cross-Site Scripting Attacks
Types of cross-site scripting
How do we detect XSS bugs?
Workflow of an XSS attack
Real bug bounty examples
Summary
7
SQL Injection
SQL Injection
Origin
Example
Automation
SQL injection in Drupal
Summary
8
Open Redirect Vulnerabilities
Open Redirect Vulnerabilities
Redirecting to another URL
Constructing URLs
Executing code
URL shorteners
Why do open redirects work?
Detecting and exploiting open redirections
Exploitation
Impact
Black and white lists
Open redirects in the wild
Summary
9
Sub-Domain Takeovers
Sub-Domain Takeovers
The sub-domain takeover
Internet-wide scans
Exploitation
Mitigation
Sub-domain takeovers in the wild
Summary
10
XML External Entity Vulnerability
XML External Entity Vulnerability
How XML works
How is an XXE produced?
Detecting and exploiting an XXE
Templates
XXEs in the wild
Summary
11
Template Injection
Template Injection
What's the problem?
Detection
Exploitation
Mitigation
SSTI in the wild
Summary
12
Top Bug Bounty Hunting Tools
Top Bug Bounty Hunting Tools
HTTP proxies, requests, responses, and traffic analyzers
Automated vulnerability discovery and exploitation
Recognize
Extensions
Summary
13
Top Learning Resources
Top Learning Resources
Training
Books and resources
CTFs and wargames
YouTube channels
Social networks and blogs
Meetings and networking
Conferences
Podcasts
Summary
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Black and white lists

Lists are used to avoid input validation errors during application development. These lists are divided into two main groups:

  • Blacklist: A group of strings that are blocked by the application, in order to avoid being entered by the user. For example, they can be used to avoid the most common testing strings, such as '11==1--, or <script>alert(1)</script>.
  • Whitelist: The application allows data that follows a certain structure. For example, consider an application that has a registration form, and it is waiting for the user to enter an email address. A developer blocks an invalid email address using a blacklist. This is done by creating regular expressions in the application to accept any email address. But this value needs to have the usual email address structure, which means, it needs to have an @ character, a user, domain, and so on.

Mixing blacklists and whitelists works very well for most input-validation scenarios, but in open redirects, it...

Previous Section
End of Section 10
Next Section