Bug Bounty Hunting Essentials

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir

Buy this Book

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Buy this Book

Overview of this book

Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers. This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed. This book will get you started with bug bounty hunting and its fundamentals.

Title Page

About Packt

Contributors

Preface

Free Chapter

Basics of Bug Bounty Hunting

Bug bounty hunting platforms

Types of bug bounty program

Bug bounty hunter statistics

Bug bounty hunting methodology

How to become a bug bounty hunter

Rules of bug bounty hunting

Summary

How to Write a Bug Bounty Report

Prerequisites of writing a bug bounty report

Salient features of a bug bounty report

Format of a bug bounty report

Responding to the queries of the team

Summary

SQL Injection Vulnerabilities

SQL injection

Types of SQL injection vulnerability

Goals of an SQL injection attack for bug bounty hunters

Uber SQL injection

Grab taxi SQL Injection

Zomato SQL injection

LocalTapiola SQL injection

Summary

Cross-Site Request Forgery

Protecting the cookies

Why does the CSRF exist?

Detecting and exploiting CSRF

XSS – CSRF's best friend

Cross-domain policies

CSRF in the wild

Summary

Application Logic Vulnerabilities

Origins

Following the flow

Application logic vulnerabilities in the wild

Summary

Cross-Site Scripting Attacks

Types of cross-site scripting

How do we detect XSS bugs?

Workflow of an XSS attack

Real bug bounty examples

Summary

SQL Injection

Origin

Example

Automation

SQL injection in Drupal

Summary

Open Redirect Vulnerabilities

Redirecting to another URL

Constructing URLs

Executing code

URL shorteners

Why do open redirects work?

Detecting and exploiting open redirections

Exploitation

Impact

Black and white lists

Open redirects in the wild

Summary

Sub-Domain Takeovers

The sub-domain takeover

Internet-wide scans

Exploitation

Mitigation

Sub-domain takeovers in the wild

Summary

XML External Entity Vulnerability

How XML works

How is an XXE produced?

Detecting and exploiting an XXE

Templates

XXEs in the wild

Summary

Template Injection

Summary

Top Bug Bounty Hunting Tools

HTTP proxies, requests, responses, and traffic analyzers

Automated vulnerability discovery and exploitation

Recognize

Extensions

Summary

Top Learning Resources

Social networks and blogs

Meetings and networking

Conferences

Podcasts

Summary

Other Books You May Enjoy

Leave a review - let other readers know what you think

Index

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Mitigation

If someone configured a rule to point one domain to another domain and then forgot about it, the only way to solve the problem is to constantly review all of the DNS records in an organization.

In this case, we recommend using RiskIQ to monitor any changes in your infrastructure.

Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir

Bug Bounty Hunting Essentials

By: Carlos A. Lozano, Shahmeer Amir

Overview of this book

Related Content you might be interested in

Current Title:

Bug Bounty Hunting Essentials

Hands-On Application Penetration Testing with Burp Suite

Hands-On Bug Hunting for Penetration Testers

Kali Linux Web Penetration Testing Cookbook

Mitigation