▶Book Description
Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs.
You will learn about SQLi, NoSQLi, XSS, XXE, and other forms of code injection. You’ll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it’s found), and how to create the tools for automated pentesting workflows.
Then, you’ll format all of this information within the context of a bug report that will have the greatest chance of earning you cash.
With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need to not only find the bugs you're looking for, but also the best bug bounty programs to participate in, and how to grow your skills moving forward in freelance security research.
▶What You Will Learn
⦁ Choose what bug bounty programs to engage in
⦁ Understand how to minimize your legal liability and hunt for bugs ethically
⦁ See how to take notes that will make compiling your submission report easier
⦁ Know how to take an XSS vulnerability from discovery to verification, and report submission
⦁ Automate CSRF PoC generation with Python
⦁ Leverage Burp Suite for CSRF detection
⦁ Use WPScan and other tools to find vulnerabilities in WordPress, Django, and Ruby on Rails applications
⦁ Write your report in a way that will earn you the maximum amount of money
▶Key Features
⦁ Learn how to test for common bugs
⦁ Discover tools and methods for hacking ethically
⦁ Practice working through pentesting engagements step-by-step
▶Who This Book Is For
This book is written for developers, hobbyists, pentesters, and anyone with an interest (and a little experience) in web application security and public bug bounty programs.
▶What this book covers
⦁ Chapter 1, Joining the Hunt, introduces the concept of bug bounties, their value to companies, and the most common types of programs. It also sets up expectations for what the reader should know going into the book.
⦁ Chapter 2, Choosing Your Hunting Ground, explains how to evaluate individual bug bounty programs and whether to participate in them. It covers factors such as payouts, community engagement, terms of engagement, and the quality of the participating company.
⦁ Chapter 3, Preparing for an Engagement, explains how to prepare for a pentesting engagement, from how to standardize the reconnaissance process, to understanding the application’s attack surface, to the importance of good note taking and, later, preparing submission reports.
⦁ Chapter 4, Unsanitized Data – An XSS Case Study, describes how and where to find XSS vulnerabilities, a variety of code injection that represents one of the most common web application vulnerabilities today.
⦁ Chapter 5, SQL, Code Injection and Scanners, describes the different varieties of code injection attacks and how to safely test for them, covering different types of injection, such as blind or error-based injection.
⦁ Chapter 6, CSRF and Insecure Session Authentication, discusses vulnerabilities related to insecure session authentication, focusing on CSRF and how to create a CSRF PoC to test for them.
⦁ Chapter 7, Detecting XML External Entities (XXE), focuses on XML External Entity vulnerability detection and related XML injection techniques that can work in conjunction with XXE.
⦁ Chapter 8, Access Control and Security Through Obscurity, goes over how to find hidden information and data leaks in web applications and how to discern between data that is important (and will win you an award) and data that is not. It covers different types of sensitive data and gives you examples from the field.
⦁ Chapter 9, Framework and Application-Specific Vulnerabilities, covers approaching a pentesting engagement from the perspective of testing for application- and framework-specific vulnerabilities, focusing on known Common Vulnerabilities and Exposures (CVEs), as well as methods for testing WordPress, Rails, and Django apps, including strategies, tools, tips, and tricks.
⦁ Chapter 10, Formatting Your Report, goes over how to compose a bug report to receive the maximum payout, drawing on examples and information from earlier vulnerability-specific chapters and providing examples (with commentary) on the finer considerations of your submission.
⦁ Chapter 11, Other Tools, goes over other tools not covered in the course of the vulnerability examples and how to vet new ones. It also explains how to evaluate free versus paid products and gives jumping-off points for pentesting regimens that focus on bugs not detailed extensively in the work (for example, weak WAF rules or network gaps).
⦁ Chapter 12, Other (Out-of-Scope) Vulnerabilities, goes over other vulnerabilities not covered in the course of the book and why they don’t command payouts in most bug bounty programs.
⦁ Chapter 13, Going Further, explains where the reader can turn for more information about participating in bug bounty programs, running through courses and resources for continuing to develop your security acumen. It also features a dictionary of pentesting and security terms to clearly define the way the book employs certain terminology.