Bug Bounty Bootcamp

by Vickie Li

Cybersecurity

Book Details

Book Title: Bug Bounty Bootcamp
Author: Vickie Li
Publisher: No Starch Press
City: San Francisco, CA
Publication Date: 2021
ISBN: 9781718501546
Number of Pages: 418
Language: English
Format: PDF
File Size: 5.4MB
Subject: Android; Bug Bounty; Burp Suite; Clickjacking; Code Review; Cross-Site Request Forgery; DNS; Fuzzing; HTTP;

Table of Contents

  • Introduction
  • Foreword
  • Part I: The Industry
  • Chapter 1: Picking a Bug Bounty Program
  • The State of the Industry
  • Asset Types
  • Bug Bounty Platforms
  • Scope, Payouts, and Response Times
  • Private Programs
  • Choosing the Right Program
  • A Quick Comparison of Popular Programs
  • Chapter 2: Sustaining Your Success
  • Writing a Good Report
  • Building a Relationship with the Development Team
  • Understanding Why You’re Failing
  • What to Do When You’re Stuck
  • Lastly, a Few Words of Experience
  • Part II: Getting Started
  • Chapter 3: How the Internet Works
  • The Client-Server Model
  • The Domain Name System
  • Internet Ports
  • HTTP Requests and Responses
  • Internet Security Controls
  • Learn to Program
  • Chapter 4: Environmental Setup and Traffic Interception
  • Choosing an Operating System
  • Setting Up the Essentials
  • Using Burp
  • A Final Note on . . . Taking Notes
  • Chapter 5: Web Hacking Reconnaissance
  • Manually Walking Through the Target
  • Google Dorking
  • Scope Discovery
  • Other Sneaky OSINT Techniques
  • Tech Stack Fingerprinting
  • Writing Your Own Recon Scripts
  • A Note on Recon APIs
  • Start Hacking!
  • Tools Mentioned
  • Part III: Web Vulnerabilities
  • Chapter 6 to 21: Cross-Site Scripting, Open Redirects, Clickjacking, CSRF, IDOR, SQLi, Race Conditions, SSRF, Insecure Deserialization, XXE, Template Injection, Logic Errors, RCE, SOP Bypass, SSO Issues, and Info Disclosure.
  • Chapter 6: Cross-Site Scripting
  • Mechanisms
  • Types of XSS
  • Prevention
  • Hunting for XSS
  • Bypassing Protection
  • Escalating the Attack
  • Automating XSS Hunting
  • Finding Your First XSS!
  • Chapter 7: Open Redirects
  • Mechanisms
  • Prevention
  • Hunting for Open Redirects
  • Bypassing Open-Redirect Protection
  • Escalating the Attack
  • Finding Your First Open Redirect!
  • Chapter 8: Clickjacking
  • Mechanisms
  • Prevention
  • Hunting for Clickjacking
  • Bypassing Protections
  • Escalating the Attack
  • A Note on Delivering the Clickjacking Payload
  • Finding Your First Clickjacking Vulnerability!
  • Chapter 9: Cross-Site Request Forgery
  • Mechanisms
  • Prevention
  • Hunting for CSRFs
  • Bypassing CSRF Protection
  • Escalating the Attack
  • Delivering the CSRF Payload
  • Finding Your First CSRF!
  • Chapter 10: Insecure Direct Object References
  • Mechanisms
  • Prevention
  • Hunting for IDORs
  • Bypassing IDOR Protection
  • Escalating the Attack
  • Automating the Attack
  • Finding Your First IDOR!
  • Chapter 11: SQL Injection
  • Mechanisms
  • Prevention
  • Hunting for SQL Injections
  • Escalating the Attack
  • Automating SQL Injections
  • Finding Your First SQL Injection!
  • Chapter 12: Race Conditions
  • Mechanisms
  • When a Race Condition Becomes a Vulnerability
  • Prevention
  • Hunting for Race Conditions
  • Escalating Race Conditions
  • Finding Your First Race Condition!
  • Chapter 13: Server-Side Request Forgery
  • Mechanisms
  • Prevention
  • Hunting for SSRFs
  • Bypassing SSRF Protection
  • Escalating the Attack
  • Finding Your First SSRF!
  • Chapter 14: Insecure Deserialization
  • Mechanisms
  • Prevention
  • Hunting for Insecure Deserialization
  • Escalating the Attack
  • Finding Your First Insecure Deserialization!
  • Chapter 15: XML External Entity
  • Mechanisms
  • Prevention
  • Hunting for XXEs
  • Escalating the Attack
  • More About Data Exfiltration Using XXEs
  • Finding Your First XXE!
  • Chapter 16: Template Injection
  • Mechanisms
  • Prevention
  • Hunting for Template Injection
  • Escalating the Attack
  • Automating Template Injection
  • Finding Your First Template Injection!
  • Chapter 17: Application Logic Errors and Broken Access Control
  • Application Logic Errors
  • Broken Access Control
  • Prevention
  • Hunting for Application Logic Errors and Broken Access Control
  • Escalating the Attack
  • Finding Your First Application Logic Error or Broken Access Control!
  • Chapter 18: Remote Code Execution
  • Mechanisms
  • Prevention
  • Hunting for RCEs
  • Escalating the Attack
  • Bypassing RCE Protection
  • Finding Your First RCE!
  • Chapter 19: Same-Origin Policy Vulnerabilities
  • Mechanisms
  • Hunting for SOP Bypasses
  • Escalating the Attack
  • Finding Your First SOP Bypass Vulnerability!
  • Chapter 20: Single-Sign-On Security Issues
  • Mechanisms
  • Hunting for Subdomain Takeovers
  • Monitoring for Subdomain Takeovers
  • Hunting for SAML Vulnerabilities
  • Hunting for OAuth Token Theft
  • Escalating the Attack
  • Finding Your First SSO Bypass!
  • Chapter 21: Information Disclosure
  • Mechanisms
  • Prevention
  • Hunting for Information Disclosure
  • Escalating the Attack
  • Finding Your First Information Disclosure!
  • Part IV: Expert Techniques
  • Chapter 22: Conducting Code Reviews
  • White-Box vs. Black-Box Testing
  • grep Is Your Best Friend
  • Detailed Approach
  • Exercise
  • Chapter 23: Hacking Android Apps
  • Setting Up a Mobile Proxy
  • Bypassing Certificate Pinning
  • APK Anatomy
  • Hunting for Vulnerabilities
  • Chapter 24: API Hacking
  • What Are APIs?
  • Hunting for API Vulnerabilities
  • Chapter 25: Fuzzing
  • What Is Fuzzing?
  • How a Web Fuzzer Works
  • Fuzzing with Wfuzz
  • Static Analysis vs. Fuzzing
  • Pitfalls of Fuzzing
  • Adding to Automated Testing Toolkit
  • Index