Bug Bounty Hunting Essentials

By : Carlos A. Lozano, Shahmeer Amir
Overview of this book

Bug bounty programs are deals offered by prominent companies in which any white-hat hacker can find bugs in the companies' applications and receive recognition for doing so. The number of prominent organizations running such programs has increased gradually, creating a lot of opportunity for ethical hackers. This book will start by introducing you to the concept of bug bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis, such as HTML injection and CRLF injection. Toward the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to follow. This book will get you started with bug bounty hunting and its fundamentals.

Preface

Bug bounty programs are deals offered by prominent companies where white-hat hackers can be rewarded for finding bugs in applications. The number of prominent organizations with such programs has been on the increase, leading to a lot of opportunity for ethical hackers.

This book will start by introducing you to the concept of bug bounty hunting. After that, we will dig deeper into concepts of vulnerabilities and analysis, such as HTML injection and CRLF injection. Toward the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to follow.

This book will get you started with bug bounty hunting and its fundamentals.

Who this book is for

This book is targeted at white-hat hackers or anyone who wants to understand the concept behind bug bounty hunting and this brilliant way of penetration testing.

This book does not require any knowledge of bug bounty hunting.

What this book covers

Chapter 1, Basics of Bug Bounty Hunting, gives you an overview of what bug bounty hunting is and what the key steps for doing it are, including the techniques, platforms, and tools that are necessary for it.

Chapter 2, How to Write a Bug Bounty Report, provides you with information on how to use a vulnerability coordination platform to write bug bounty reports and how to respond to a company's questions with caution and respect. It will also provide tips on how to increase payouts.

Chapter 3, SQL Injection Vulnerabilities, focuses on CRLF bug bounty reports. A CRLF injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

Chapter 4, Cross-Site Request Forgery, is about basic Cross-Site Request Forgery (CSRF) attacks and bug bounty reports. CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

Chapter 5, Application Logic Vulnerabilities, is about business logic and application logic flaws. Application business logic flaws are unique to each custom application, potentially very damaging, and difficult to test. Attackers exploit business logic by using deductive reasoning to trick and ultimately exploit the application.

Chapter 6, Cross-Site Scripting Attacks, covers Cross-Site Scripting (XSS) vulnerabilities. XSS is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

Chapter 7, SQL Injection, is mostly about finding SQL injection flaws in bug bounty programs. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements via web page input.

Chapter 8, Open Redirect Vulnerabilities, is about open redirect vulnerabilities in web applications. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

Chapter 9, Sub-Domain Takeover, focuses on sub-domain takeover vulnerabilities. A sub-domain takeover is considered a high-severity threat and boils down to the registration of a domain by somebody else (with malicious intentions) in order to gain control over one or more (sub-)domains.

Chapter 10, XML External Entity Vulnerability, is about XML External Entity (XXE) attacks. XXE refers to a specific type of Server-Side Request Forgery (SSRF) attack, whereby an attacker is able to cause Denial of Service (DoS) and access local or remote files and services by abusing a widely available, rarely used feature in an XML parser.

Chapter 11, Template Injection, is mainly about template injection vulnerabilities. Template injection vulnerabilities arise when applications using a client-side or server-side template framework dynamically embed user input in web pages.

Chapter 12, Top Bug Bounty Hunting Tools, reviews the most used tools for web application security assessments. Most of them are open source or free, but we will also mention some tools that are licensed.

Chapter 13, Top Learning Resources, lists some resources for keeping up to date with new technologies, exploitation techniques, and vulnerability disclosures.

Conventions used

There are a number of text conventions used throughout this book.

CodeInText: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: "In a vulnerability example, the subdomain (hello.domain.com) uses a canonical name"

A block of code is set as follows:

package subjack

import (
   "log"
   "sync"
)

When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:

package subjack

import (
   "log"
   "sync"
)

Any command-line input or output is written as follows:

$ amass -d bigshot.beet
$ amass -src -ip -brute -min-for-recursive 3 -d example.com

Bold: Indicates a new term, an important word, or words that you see onscreen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Right-click on a website and select Inspect Element"

Note

Warnings or important notes appear like this.

Note

Tips and tricks appear like this.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, mention the book title in the subject of your message and email us at [email protected].

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packt.com/submit-errata, selecting your book, clicking on the Errata Submission Form link, and entering the details.

Piracy: If you come across any illegal copies of our works in any form on the Internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Reviews

Please leave a review. Once you have read and used this book, why not leave a review on the site that you purchased it from? Potential readers can then see and use your unbiased opinion to make purchase decisions, we at Packt can understand what you think about our products, and our authors can see your feedback on their book. Thank you!

For more information about Packt, please visit packt.com.

Disclaimer

The information within this book is intended to be used only in an ethical manner. Do not use any information from the book if you do not have written permission from the owner of the equipment. If you perform illegal actions, you are likely to be arrested and prosecuted to the full extent of the law. Packt Publishing does not take any responsibility if you misuse any of the information contained within the book. The information herein must only be used while testing environments with proper written authorizations from appropriate persons responsible.