Bug Bounty Hunting Essentials

▶Book Description
Bug bounty programs are the deals offered by prominent companies where-in any white-hat hacker can find bugs in the applications and they will have a recognition for the same. The number of prominent organizations having this program has increased gradually leading to a lot of opportunity for Ethical Hackers.

This book will initially start with introducing you to the concept of Bug Bounty hunting. Then we will dig deeper into concepts of vulnerabilities and analysis such as HTML injection, CRLF injection and so on. Towards the end of the book, we will get hands-on experience working with different tools used for bug hunting and various blogs and communities to be followed.

This book will get you started with bug bounty hunting and its fundamentals.

▶What You Will Learn
⦁ Learn the basics of bug bounty hunting
⦁ Hunt bugs in web applications
⦁ Hunt bugs in Android applications
⦁ Analyze the top 300 bug reports
⦁ Discover bug bounty hunting research methodologies
⦁ Explore different tools used for Bug Hunting

▶Key Features
⦁ Get well-versed with the fundamentals of Bug Bounty Hunting
⦁ Hands-on experience on using different tools for bug hunting
⦁ Learn to write a bug bounty report according to the different vulnerabilities and its analysis

▶Who This Book Is For
This book is targeted towards white-hat hackers, or anyone who wants to understand the concept behind bug bounty hunting and understand this brilliant way of penetration testing.

This book does not require any knowledge on bug bounty hunting.

▶What this book covers
⦁ Chapter 1, Basics of Bug Bounty Hunting, gives you an overview of what bug bounty hunting is and what the key steps for doing it are, including the techniques, platforms, and tools that are necessary for it.

⦁ Chapter 2, How to Write a Bug Bounty Report, provides you with information on how to use a vulnerability coordination platform to write bug bounty reports and how to respond to company's questions with caution and respect. It will also provide tips on how to increase payouts.

⦁ Chapter 3, SQL Injection Vulnerabilities, focuses on CRLF bug bounty reports. A CRLF injection attack occurs when a user manages to submit a CRLF into an application. This is most commonly done by modifying an HTTP parameter or URL.

⦁ Chapter 4, Cross-Site Request Forgery, is about basic Cross-Site Request Forgery (CSRF) attacks and bug bounty reports. CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

⦁ Chapter 5, Application Logic Vulnerabilities, is about business logic and application logic flaws. Application business logic flaws are unique to each custom application, potentially very damaging, and difficult to test. Attackers exploit business logic by using deductive reasoning to trick and ultimately exploit the application.

⦁ Chapter 6, Cross-Site Scripting Attacks, covers Cross-Site Scripting (XSS) vulnerabilities. XSS is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

⦁ Chapter 7, SQL Injection, is mostly about finding SQL injection flaws in bug bounty programs. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements via web page input.

⦁ Chapter 8, Open Redirect Vulnerabilities, is about open redirect vulnerabilities in web applications. Unvalidated redirects and forwards are possible when a web application accepts untrusted input that could cause the web application to redirect the request to a URL contained within untrusted input. By modifying untrusted URL input to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials.

⦁ Chapter 9, Sub-Domain Takeover, focuses on sub-domain takeover vulnerabilities. A subdomain takeover is considered a high-severity threat and boils down to the registration of a domain by somebody else (with malicious intentions) in order to gain control over one or more (sub-)domains.

⦁ Chapter 10, XML External Entity Vulnerability, is about XML External Entity (XXE) attacks. XXE refers to a specific type of Server-Side Request Forgery (SSRF) attack, whereby an attacker is able to cause Denial of Service (DoS) and access local or remote files and services by abusing a widely available, rarely used feature in an XML parser.

⦁ Chapter 11, Template Injection, is mainly about template injection vulnerabilities. Template injection vulnerabilities arise when applications using a client-side or server-side template framework dynamically embed user input in web pages.

⦁ Chapter 12, Top Bug Bounty Hunting Tools, reviews the most used tools for web application security assessments. Most of them are open source or for free, but we will also mention some tools that are licensed.

⦁ Chapter 13, Top Learning Resources, lists some resources to be updated in the new technologies, exploiting techniques and vulnerability disclosures.