Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities

  • 6h 46m
  • Vickie Li
  • No Starch Press
  • 2021

A comprehensive guide for any web application hacker, Bug Bounty Bootcamp is a detailed exploration of the many vulnerabilities present in modern websites and the hands-on techniques you can use to most successfully exploit them.

Bug Bounty Bootcamp prepares you for participation in bug bounty programs, which companies set up to reward hackers for finding and reporting vulnerabilities in their applications. The Bootcamp begins with guidance on writing high-quality bug reports and building lasting relationships with client organizations. You’ll then set up a hacking lab and dive into the mechanisms of common web vulnerabilities, like XSS and SQL injection, aided by thorough explanations of what causes them, how you can exploit them, where to find them, and how to bypass protections. You’ll also explore recon strategies for gathering intel on a target and automate recon with bash scripting. Finally, you’ll wade into advanced techniques, like hacking mobile apps, testing APIs, and reviewing source code for vulnerabilities.

Along the way, you’ll learn how to:

  • Identify and successfully exploit a wide array of common web vulnerabilities
  • Set up a hacking environment, configure Burp Suite, and use its modules to intercept traffic and hunt for bugs
  • Chain together multiple bugs for maximum impact and higher payouts
  • Bypass protection mechanisms like input sanitization and blocklists to make your attacks succeed
  • Automate tedious bug-hunting tasks with fuzzing and bash scripting
  • Set up an Android app testing environment

Thousands of data breaches happen every year. By understanding vulnerabilities and how they happen, you can help prevent malicious attacks, protect apps and users, and make the internet a safer place. Happy bug hunting!

About the Author

Vickie Li is a developer and security researcher experienced in finding and exploiting vulnerabilities in web applications. She has reported vulnerabilities to firms such as Facebook, Yelp and Starbucks and contributes to a number of online training programs and technical blogs.

In this Book

  • Foreword
  • Introduction
  • Picking a Bug Bounty Program
  • Sustaining Your Success
  • How the Internet Works
  • Environmental Setup and Traffic Interception
  • Web Hacking Reconnaissance
  • Cross-Site Scripting
  • Open Redirects
  • Clickjacking
  • Cross-Site Request Forgery
  • Insecure Direct object References
  • SQL Injection
  • Race Conditions
  • Server-Side Request Forgery
  • Insecure Deserialization
  • XML External Entity
  • Template Injection
  • Application Logic Errors and Broken access Control
  • Remote Code Execution
  • Same-Origin Policy Vulnerabilities
  • Single-Sign-On Security Issues
  • Information Disclosure
  • Conducting Code Reviews
  • Hacking Android Apps
  • API Hacking
  • Automatic Vulnerability Discovery using Fuzzers
SHOW MORE
FREE ACCESS

YOU MIGHT ALSO LIKE

Rating 5.0 of 1 users Rating 5.0 of 1 users (1)
Rating 5.0 of 2 users Rating 5.0 of 2 users (2)