Bug Bounty Hunting Essentials
Bug bounty programs are the deals offered by prominent companies wherein any white-hat hacker can find bugs in their applications and receive recognition for doing so. The number of prominent organizations running such programs has increased gradually, leading to a lot of opportunity for ethical hackers. This book starts by introducing you to the concept of bug bounty hunting. It then digs deeper into vulnerability concepts and analysis, such as HTML injection, CRLF injection and so on. Towards the end of the book, you will get hands-on experience working with different tools used for bug hunting, along with various blogs and communities to follow. This book will get you started with bug bounty hunting and its fundamentals.
Table of contents (319 chapters)
- Cover page
- Title Page
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the authors
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Basics of Bug Bounty Hunting
- Bug bounty hunting platforms
- HackerOne
- Bugcrowd
- Cobalt
- Synack
- Types of bug bounty program
- Public programs
- Private programs
- Bug bounty hunter statistics
- Number of vulnerabilities
- Number of halls of fame
- Reputation points
- Signal
- Impact
- Accuracy
- Bug bounty hunting methodology
- How to become a bug bounty hunter
- Reading books
- Practicing what you learned
- Reading proof of concepts
- Learning from reports
- Starting bug bounty hunting
- Learning and networking with others
- Rules of bug bounty hunting
- Targeting the right program
- Approaching the target with clarity
- Keeping your expectations low
- Learning about vulnerabilities
- Keeping yourself up-to-date
- Automating your vulnerabilities
- Gaining experience with bug bounty hunting
- Chaining vulnerabilities
- Summary
- How to Write a Bug Bounty Report
- Prerequisites of writing a bug bounty report
- Referring to the policy of the program
- Mission statement
- Participating services
- Excluded domains
- Reward and qualifications
- Eligibility for participation
- Conduct guidelines
- Nonqualifying vulnerabilities
- Commitment to researchers
- Salient features of a bug bounty report
- Clarity
- Depth
- Estimation
- Respect
- Format of a bug bounty report
- Writing title of a report
- Writing the description of a report
- Writing the proof of concept of a report
- Writing exploitability of a report
- Writing impact of a report
- Writing remediation
- Responding to the queries of the team
- Summary
- SQL Injection Vulnerabilities
- SQL injection
- Types of SQL injection vulnerability
- In-band SQLi (classic SQLi)
- Inferential SQLi (blind SQLi)
- Out-of-band SQLi
- Goals of an SQL injection attack for bug bounty hunters
- Uber SQL injection
- Key learning from this report
- Grab taxi SQL Injection
- Key learning from this report
- Zomato SQL injection
- Key learning from this report
- LocalTapiola SQL injection
- Key learning from this report
- Summary
- Cross-Site Request Forgery
- Protecting the cookies
- Why does the CSRF exist?
- GET CSRF
- POST CSRF
- CSRF-unsafe protections
- Secret cookies
- Request restrictions
- Complex flow
- URL rewriting
- Using HTTPS instead of HTTP
- CSRF – more safe protection
- Detecting and exploiting CSRF
- Avoiding problems with authentication
- XSS – CSRF's best friend
- Cross-domain policies
- HTML injection
- JavaScript hijacking
- CSRF in the wild
- Shopify for exporting installed users
- Shopify Twitter disconnect
- Badoo full account takeover
- Summary
- Application Logic Vulnerabilities
- Origins
- What is the main problem?
- Following the flow
- Spidering
- Points of interest
- Analysis
- User input
- Out-band channels
- Naming conventions
- Keywords related to technologies
- Analyzing the traffic
- Application logic vulnerabilities in the wild
- Bypassing the Shopify admin authentication
- Starbucks race conditions
- Binary.com vulnerability – stealing a user's money
- HackerOne signal manipulation
- Shopify S buckets open
- HackerOne S buckets open
- Bypassing the GitLab 2F authentication
- Yahoo PHP info disclosure
- Summary
- Cross-Site Scripting Attacks
- Types of cross-site scripting
- Reflected cross-site scripting
- Stored cross-site scripting
- DOM-based XSS
- Other types of XSS attacks
- Blind XSS
- Flash-based XSS
- Self XSS
- How do we detect XSS bugs?
- Detecting XSS bugs in real life
- Follow the flow
- Avoiding input validation controls
- Other common strings
- Bypassing filters using encoding
- Bypassing filters using tag modifiers
- Bypassing filters using dynamic constructed strings
- Workflow of an XSS attack
- HackerOne XSS
- Executing malicious JS
- Embedding unauthorized images in the report
- Redirecting users to a different website
- Key learning from this report
- Slack XSS
- Embedding malicious links to infect other users on Slack
- Key learning from this report
- Trello XSS
- Key learning from this report
- Shopify XSS
- Key learning from this report
- Twitter XSS
- Key learning from this report
- Real bug bounty examples
- Shopify wholesale
- Shopify Giftcard Cart
- Shopify currency formatting
- Yahoo Mail stored XSS
- Google image search
- Summary
- SQL Injection
- Origin
- Types of SQL injection
- In-band SQL injection
- Inferential
- Out-of-band SQL injection
- Fundamental exploitation
- Detecting and exploiting SQL injection as if tomorrow does not exist
- Union
- Interacting with the DBMS
- Bypassing security controls
- Blind exploitation
- Out-band exploitations
- Example
- Automation
- SQL injection in Drupal
- Summary
- Open Redirect Vulnerabilities
- Redirecting to another URL
- Constructing URLs
- Executing code
- URL shorteners
- Why do open redirects work?
- Detecting and exploiting open redirections
- Exploitation
- Impact
- Black and white lists
- Open redirects in the wild
- Shopify theme install open redirect
- Shopify login open redirect
- HackerOne interstitial redirect
- XSS and open redirect on Twitter
- Summary
- Sub-Domain Takeovers
- The sub-domain takeover
- CNAME takeovers
- NS takeover
- MX takeovers
- Internet-wide scans
- Detecting possibly affected domains
- Exploitation
- Mitigation
- Sub-domain takeovers in the wild
- Ubiquiti sub-domain takeovers
- Scan.me pointing to Zendesk
- Starbucks' sub-domain takeover
- Vine's sub-domain takeover
- Uber's sub-domain takeover
- Summary
- XML External Entity Vulnerability
- How XML works
- How is an XXE produced?
- Detecting and exploiting an XXE
- Templates
- XXEs in the wild
- Read access to Google
- A Facebook XXE with Word
- The Wikiloc XXE
- Summary
- Template Injection
- What's the problem?
- Examples
- Twig and FreeMaker
- Smarty
- Marko
- Detection
- Exploitation
- Mitigation
- SSTI in the wild
- Uber Jinja2 TTSI
- Uber Angular template injection
- Yahoo SSTI vulnerability
- Rails dynamic render
- Summary
- Top Bug Bounty Hunting Tools
- HTTP proxies requests responses and traffic analyzers
- Burp Suite
- Wireshark
- Firebug
- ZAP – Zed Attack Proxy
- Fiddler
- Automated vulnerability discovery and exploitation
- Websecurify (SECAPPS)
- Acunetix
- Nikto
- sqlmap
- Recognize
- Knockpy
- HostileSubBruteforcer
- Nmap
- Shodan
- What CMS
- Recon-ng
- Extensions
- FoxyProxy
- User-Agent Switcher
- HackBar
- Cookies Manager+
- Summary
- Top Learning Resources
- Training
- Platzi
- Udemy
- GIAC
- Offensive Security
- Books and resources
- Web Application Hacker's Handbook
- OWASP Testing Guide
- Hacking 101
- The Hacker Play Book
- Exploiting Software
- CTFs and wargames
- Hack The Box
- Damn Vulnerable Web Application
- Badstore
- Metasploitable
- YouTube channels
- Web Hacking Pro Tips
- BugCrowd
- HackerOne
- Social networks and blogs
- Exploitware Labs
- Philippe Hare Wood
- PortSwigger's blog
- Meetings and networking
- LiveOverflow
- OWASP meetings
- DEFCON meetings
- 2600 meetings
- Conferences
- DEFCON
- BlackHat
- BugCON
- Ekoparty
- Code Blue
- CCC
- H2HC
- Podcasts
- PaulDotCom
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think
Updated: 2021-06-10 18:36:23