Bug Bounty Hunting Essentials: Quick-paced guide to help white-hat hackers get through bug bounty programs - Softcover

Lozano, Carlos A.; Amir, Shahmeer

 
9781788626897: Bug Bounty Hunting Essentials: Quick-paced guide to help white-hat hackers get through bug bounty programs
Softcover
ISBN 10: 1788626893 ISBN 13: 9781788626897
Publisher: Packt Publishing, 2018

Synopsis

Gain practical knowledge of application security and become a skilled bug bounty hunter by exploring a variety of related concepts, techniques, and tools

Key Features

  • Become well-versed with the fundamentals of bug bounty hunting
  • Gain hands-on experience of using a variety of tools for bug hunting
  • Learn to write a bug bounty report by analyzing different vulnerabilities

Book Description

Bug bounty programs are initiatives adopted by companies as part of their vulnerability management strategy. This approach involves rewarding white-hat hackers for finding bugs in applications and other software vulnerabilities. The number of prominent organizations opting for this program has exponentially increased over time, creating more opportunities for ethical hackers.

This book starts by introducing you to the concept of bug bounty hunting and its fundamentals. You'll then delve into vulnerabilities and analysis concepts, such as HTML injection and CRLF injection, which will help you understand these attacks and be able to secure an organization from them. Toward later chapters, you'll gain practical knowledge of working with different tools for bug hunting. Finally, you'll explore a variety of blogs and communities you need to follow to further build on your skills.

By the end of this book, you will have developed the pentesting skills you need to become a successful bug bounty hunter.

What you will learn

  • Hunt bugs in web applications
  • Get up to speed with hunting bugs in Android applications
  • Analyze the top 300 bug reports
  • Discover bug bounty hunting research methodologies
  • Understand different attacks such as cross-site request forgery (CSRF) and cross-site scripting (XSS)
  • Get to grips with business logic flaws and understand how to identify them

Who this book is for

This book is for white-hat hackers or anyone who wants to understand bug bounty hunting and build on their penetration testing skills. Prior knowledge of bug bounty hunting is not required.

Table of Contents

  1. Basics of Bug Bounty Hunting
  2. How to write a Bug Bounty Report
  3. SQL Injection Vulnerabilities
  4. Cross Site Request Forgery
  5. Application Logic Vulnerabilities
  6. Cross Site Scripting Attacks
  7. SQL Injection
  8. Open Redirect Vulnerabilities
  9. Sub Domain Takeover
  10. XML External Entity Vulnerability
  11. Template Injection
  12. Top Bug Bounty Hunting tools
  13. Top Learning resources

"synopsis" may belong to another edition of this title.

About the Authors

Carlos A. Lozano is a security consultant with more than 15 years' experience in various security fields. He has worked in penetration tester, but most of his experience is with security application assessments. He has assessed financial applications, ISC/SCADA systems, and even low-level applications, such as drivers and embedded components. Two years ago, he started on public and private bug bounty programs and focused on web applications, source code review, and reversing projects. Also, Carlos works as Chief Operations Officer at Global CyberSec, an information security firm based in Mexico, with operations in USA and Chile.

Shahmeer Amir is ranked as the third most accomplished bug hunter worldwide and has helped more than 400 organizations, including Facebook, Microsoft, Yahoo, and Twitter, resolve critical security issues in their systems. Following his vision of a safer internet, Shahmeer Amir is the founder and CEO of a cyber security start-up in Pakistan, Veiliux, aiming to secure all kinds of organizations. Shahmeer also holds relevant certifications in the field of cyber security from renowned organizations such as EC-Council, Mile2, and ELearn Security. By profession, Shahmeer is an electrical engineer working on different IoT products to make the lives of people easier.

"About this title" may belong to another edition of this title.

Publisher
Packt Publishing
Publication date
2018
Language
English
ISBN 10 
1788626893
ISBN 13 
9781788626897
Binding
Paperback
Number of pages
270