Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Hands-On Bug Hunting for Penetration Testers
  • Table Of Contents Toc
Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

By : Himanshu Sharma, Joe Marshall
4 (2)
Buy this Book
close
close
Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

4 (2)
By: Himanshu Sharma, Joe Marshall
Buy this Book

Overview of this book

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs. You will learn about SQli, NoSQLi, XSS, XXE, and other forms of code injection. You’ll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it’s found), and how to create the tools for automated pentesting work?ows. Then, you’ll format all of this information within the context of a bug report that will have the greatest chance of earning you cash. With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need to not only find the bugs you're looking for, but also the best bug bounty programs to participate in, and how to grow your skills moving forward in freelance security research.
Table of Contents (16 chapters)
close
close
close
Preface
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Get in touch
Lock Free Chapter
1
Joining the Hunt
Icon
Joining the Hunt
Icon
Technical Requirements
Icon
The Benefits of Bug Bounty Programs
Icon
What You Should Already Know – Pentesting Background
Icon
Setting Up Your Environment – Tools To Know
Icon
What You Will Learn – Next Steps
Icon
How (Not) To Use This Book – A Warning
Icon
Summary
Icon
Questions
Icon
Further Reading
2
Choosing Your Hunting Ground
Icon
Choosing Your Hunting Ground
Icon
Technical Requirements
Icon
An Overview of Bug Bounty Communities – Where to Start Your Search
Icon
The Vulnerability of Web Applications – What You Should Target
Icon
Evaluating Rules of Engagement – How to Protect Yourself
Icon
Summary
Icon
Questions
Icon
Further Reading
3
Preparing for an Engagement
Icon
Preparing for an Engagement
Icon
Technical Requirements
Icon
Attack Surface Reconnaisance – Strategies and the Value of Standardization
Icon
Summary
Icon
Questions
Icon
Further Reading
4
Unsanitized Data – An XSS Case Study
Icon
Unsanitized Data – An XSS Case Study
Icon
Technical Requirements
Icon
A Quick Overview of XSS – The Many Varieties of XSS
Icon
Testing for XSS – Where to Find It, How to Verify It
Icon
XSS – An End-To-End Example
Icon
Summary
Icon
Questions
Icon
Further Reading
5
SQL, Code Injection, and Scanners
Icon
SQL, Code Injection, and Scanners
Icon
Technical Requirements
Icon
SQLi and Other Code Injection Attacks – Accepting Unvalidated Data
Icon
Testing for SQLi With Sqlmap – Where to Find It and How to Verify It
Icon
Trawling for Bugs – Using Google Dorks and Python for SQLi Discovery
Icon
Scanning for SQLi With Arachni
Icon
NoSQL Injection – Injecting Malformed MongoDB Queries
Icon
SQLi – An End-to-End Example
Icon
Summary
Icon
Questions
Icon
Further Reading
6
CSRF and Insecure Session Authentication
Icon
CSRF and Insecure Session Authentication
Icon
Technical Requirements
Icon
Building and Using CSRF PoCs
Icon
CSRF – An End-to-End Example
Icon
Summary
Icon
Questions
Icon
Further Reading
7
Detecting XML External Entities
Icon
Detecting XML External Entities
Icon
Technical requirements
Icon
A simple XXE example
Icon
XML injection vectors
Icon
XML injection and XXE – stronger together
Icon
Testing for XXE – where to find it, and how to verify it
Icon
XXE – an end-to-end example
Icon
Summary
Icon
Questions
Icon
Further reading
8
Access Control and Security Through Obscurity
Icon
Access Control and Security Through Obscurity
Icon
Technical Requirements
Icon
Security by Obscurity – The Siren Song
Icon
Data Leaks – What Information Matters?
Icon
Low Value Data – What Doesn’t Matter
Icon
Data Leak Vectors
Icon
Unmasking Hidden Content – How to Pull the Curtains Back
Icon
Data Leakage – An End-to-End Example
Icon
Summary
Icon
Questions
Icon
Further Reading
9
Framework and Application-Specific Vulnerabilities
Icon
Framework and Application-Specific Vulnerabilities
Icon
Technical Requirements
Icon
Known Component Vulnerabilities and CVEs – A Quick Refresher
Icon
WordPress – Using WPScan
Icon
Ruby on Rails – Rubysec Tools and Tricks
Icon
Django – Strategies for the Python App
Icon
Summary
Icon
Questions
Icon
Further Reading
10
Formatting Your Report
Icon
Formatting Your Report
Icon
Technical Requirements
Icon
Reproducing the Bug – How Your Submission Is Vetted
Icon
Critical Information – What Your Report Needs
Icon
Maximizing Your Award – The Features That Pay
Icon
Example Submission Reports – Where to Look
Icon
Hackerone Hacktivity
Icon
Vulnerability Lab Archive
Icon
GitHub
Icon
Summary
Icon
Questions
Icon
Further Reading
11
Other Tools
Icon
Other Tools
Icon
Technical Requirements
Icon
Evaluating New Tools – What to Look For
Icon
Paid Versus Free Editions – What Makes a Tool Worth It?
Icon
A Quick Overview of Other Options – Nikto, Kali, Burp Extensions, and More
Icon
Summary
Icon
Questions
Icon
Further Reading
12
Other (Out of Scope) Vulnerabilities
Icon
Other (Out of Scope) Vulnerabilities
Icon
Technical Requirements
Icon
DoS/DDoS – The Denial-of-Service Problem
Icon
Sandboxed and Self-XSS – Low-Threat XSS Varieties
Icon
Non-Critical Data Leaks – What Companies Don’t Care About
Icon
Other Common No-Payout Vulnerabilities
Icon
Summary
Icon
Questions
Icon
Further Reading
13
Going Further
chevron up
Icon
Going Further
Icon
Blogs
Icon
Courses
Icon
Summary
Icon
Questions
Icon
Further Reading
14
Assessment
Icon
Assessment
Icon
Chapter 1
Icon
Chapter 2
Icon
Chapter 3
Icon
Chapter 4
Icon
Chapter 5
Icon
Chapter 6
Icon
Chapter 7
Icon
Chapter 8
Icon
Chapter 9
Icon
Chapter 10
Icon
Chapter 11
Icon
Chapter 12
Icon
Chapter 13
15
Other Books You May Enjoy
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Going Further

Hopefully, you've found the resources contained in this book useful. As you look to expand your interest in infosec, vulnerabilities, and public bug bounty programs in particular, there are plenty of great resources to help you on your way.

In this chapter, I've tried to collect a smattering of some of the best community sites, curated blogs, educational resources, bug report archives, and finally, a glossary of some of the more important (and opaque) security terms used by this and other books. This chapter should be a nice reference going forward, acting as your springboard as you dive deeper into the world of independent, freelance security research.

CONTINUE READING
83
Tech Concepts
36
Programming languages
73
Tech Tools
Icon Unlimited access to the largest independent learning library in tech of over 8,000 expert-authored tech books and videos.
Icon Innovative learning tools, including AI book assistants, code context explainers, and text-to-speech.
Icon 50+ new titles added per month and exclusive early access to books as they are being written.
Hands-On Bug Hunting for Penetration Testers
End of Section 13
Next Section
notes
bookmark Notes and Bookmarks search Search in title playlist Add to playlist download Download options
font-size Font size

Change the font size

margin-width Margin width

Change margin width

day-mode Day/Sepia/Night Modes

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY

Submit Your Feedback

Modal Close icon
Modal Close icon
Modal Close icon