Bug Bounty Hunting Essentials
By Carlos A. Lozano and Shahmeer Amir
Updated: 2021-06-10 18:36:23
Bug bounty programs are arrangements offered by prominent companies in which any white-hat hacker can find bugs in the companies' applications and receive recognition for doing so. The number of prominent organizations running such programs has increased gradually, creating many opportunities for ethical hackers. This book starts by introducing you to the concept of bug bounty hunting. It then digs deeper into vulnerability concepts and analysis, such as HTML injection, CRLF injection and so on. Towards the end of the book, you will gain hands-on experience with the different tools used for bug hunting and learn which blogs and communities to follow. This book will get you started with bug bounty hunting and its fundamentals.
Latest chapters
- Leave a review - let other readers know what you think
- Other Books You May Enjoy
- Summary
- PaulDotCom
- Podcasts
- 8.8
Brand: 中圖公司
Listed: 2021-06-10 18:18:32
Publisher: Packt Publishing
The digital rights to this book are provided by 中圖公司, which has authorized Shanghai Yuewen Information Technology Co., Ltd. (上海閱文信息技術有限公司) to produce and distribute it.
- coverpage
- Title Page
- About Packt
- Why subscribe?
- Packt.com
- Contributors
- About the authors
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- Conventions used
- Get in touch
- Reviews
- Disclaimer
- Basics of Bug Bounty Hunting
- Bug bounty hunting platforms
- HackerOne
- Bugcrowd
- Cobalt
- Synack
- Types of bug bounty program
- Public programs
- Private programs
- Bug bounty hunter statistics
- Number of vulnerabilities
- Number of halls of fame
- Reputation points
- Signal
- Impact
- Accuracy
- Bug bounty hunting methodology
- How to become a bug bounty hunter
- Reading books
- Practicing what you learned
- Reading proof of concepts
- Learning from reports
- Starting bug bounty hunting
- Learning and networking with others
- Rules of bug bounty hunting
- Targeting the right program
- Approaching the target with clarity
- Keeping your expectations low
- Learning about vulnerabilities
- Keeping yourself up-to-date
- Automating your vulnerabilities
- Gaining experience with bug bounty hunting
- Chaining vulnerabilities
- Summary
- How to Write a Bug Bounty Report
- Prerequisites of writing a bug bounty report
- Referring to the policy of the program
- Mission statement
- Participating services
- Excluded domains
- Reward and qualifications
- Eligibility for participation
- Conduct guidelines
- Nonqualifying vulnerabilities
- Commitment to researchers
- Salient features of a bug bounty report
- Clarity
- Depth
- Estimation
- Respect
- Format of a bug bounty report
- Writing title of a report
- Writing the description of a report
- Writing the proof of concept of a report
- Writing exploitability of a report
- Writing impact of a report
- Writing remediation
- Responding to the queries of the team
- Summary
- SQL Injection Vulnerabilities
- SQL injection
- Types of SQL injection vulnerability
- In-band SQLi (classic SQLi)
- Inferential SQLi (blind SQLi)
- Out-of-band SQLi
- Goals of an SQL injection attack for bug bounty hunters
- Uber SQL injection
- Key learning from this report
- Grab taxi SQL Injection
- Key learning from this report
- Zomato SQL injection
- Key learning from this report
- LocalTapiola SQL injection
- Key learning from this report
- Summary
- Cross-Site Request Forgery
- Protecting the cookies
- Why does the CSRF exist?
- GET CSRF
- POST CSRF
- CSRF-unsafe protections
- Secret cookies
- Request restrictions
- Complex flow
- URL rewriting
- Using HTTPS instead of HTTP
- CSRF – more safe protection
- Detecting and exploiting CSRF
- Avoiding problems with authentication
- XSS – CSRF's best friend
- Cross-domain policies
- HTML injection
- JavaScript hijacking
- CSRF in the wild
- Shopify for exporting installed users
- Shopify Twitter disconnect
- Badoo full account takeover
- Summary
- Application Logic Vulnerabilities
- Origins
- What is the main problem?
- Following the flow
- Spidering
- Points of interest
- Analysis
- User input
- Out-band channels
- Naming conventions
- Keywords related to technologies
- Analyzing the traffic
- Application logic vulnerabilities in the wild
- Bypassing the Shopify admin authentication
- Starbucks race conditions
- Binary.com vulnerability – stealing a user's money
- HackerOne signal manipulation
- Shopify S buckets open
- HackerOne S buckets open
- Bypassing the GitLab 2F authentication
- Yahoo PHP info disclosure
- Summary
- Cross-Site Scripting Attacks
- Types of cross-site scripting
- Reflected cross-site scripting
- Stored cross-site scripting
- DOM-based XSS
- Other types of XSS attacks
- Blind XSS
- Flash-based XSS
- Self XSS
- How do we detect XSS bugs?
- Detecting XSS bugs in real life
- Follow the flow
- Avoiding input validation controls
- Other common strings
- Bypassing filters using encoding
- Bypassing filters using tag modifiers
- Bypassing filters using dynamic constructed strings
- Workflow of an XSS attack
- Hackerone XSS
- Executing malicious JS
- Embedding unauthorized images in the report
- Redirecting users to a different website
- Key learning from this report
- Slack XSS
- Embedding malicious links to infect other users on Slack
- Key learning from this report
- Trello XSS
- Key learning from this report
- Shopify XSS
- Key learning from this report
- Twitter XSS
- Key learning from this report
- Real bug bounty examples
- Shopify wholesale
- Shopify Giftcard Cart
- Shopify currency formatting
- Yahoo Mail stored XSS
- Google image search
- Summary
- SQL Injection
- Origin
- Types of SQL injection
- In-band SQL injection
- Inferential
- Out-of-band SQL injection
- Fundamental exploitation
- Detecting and exploiting SQL injection as if tomorrow does not exist
- Union
- Interacting with the DBMS
- Bypassing security controls
- Blind exploitation
- Out-band exploitations
- Example
- Automation
- SQL injection in Drupal
- Summary
- Open Redirect Vulnerabilities
- Redirecting to another URL
- Constructing URLs
- Executing code
- URL shorteners
- Why do open redirects work?
- Detecting and exploiting open redirections
- Exploitation
- Impact
- Black and white lists
- Open redirects in the wild
- Shopify theme install open redirect
- Shopify login open redirect
- HackerOne interstitial redirect
- XSS and open redirect on Twitter
- Summary
- Sub-Domain Takeovers
- The sub-domain takeover
- CNAME takeovers
- NS takeover
- MX takeovers
- Internet-wide scans
- Detecting possibly affected domains
- Exploitation
- Mitigation
- Sub-domain takeovers in the wild
- Ubiquiti sub-domain takeovers
- Scan.me pointing to Zendesk
- Starbucks' sub-domain takeover
- Vine's sub-domain takeover
- Uber's sub-domain takeover
- Summary
- XML External Entity Vulnerability
- How XML works
- How is an XXE produced?
- Detecting and exploiting an XXE
- Templates
- XXEs in the wild
- Read access to Google
- A Facebook XXE with Word
- The Wikiloc XXE
- Summary
- Template Injection
- What's the problem?
- Examples
- Twig and FreeMaker
- Smarty
- Marko
- Detection
- Exploitation
- Mitigation
- SSTI in the wild
- Uber Jinja2 TTSI
- Uber Angular template injection
- Yahoo SSTI vulnerability
- Rails dynamic render
- Summary
- Top Bug Bounty Hunting Tools
- HTTP proxies requests responses and traffic analyzers
- Burp Suite
- Wireshark
- Firebug
- ZAP – Zed Attack Proxy
- Fiddler
- Automated vulnerability discovery and exploitation
- Websecurify (SECAPPS)
- Acunetix
- Nikto
- sqlmap
- Recognize
- Knockpy
- HostileSubBruteforcer
- Nmap
- Shodan
- What CMS
- Recon-ng
- Extensions
- FoxyProxy
- User-Agent Switcher
- HackBar
- Cookies Manager+
- Summary
- Top Learning Resources
- Training
- Platzi
- Udemy
- GIAC
- Offensive Security
- Books and resources
- Web Application Hacker's Handbook
- OWASP Testing Guide
- Hacking 101
- The Hacker Play Book
- Exploiting Software
- CTFs and wargames
- Hack The Box
- Damn Vulnerable Web Application
- Badstore
- Metasploitable
- YouTube channels
- Web Hacking Pro Tips
- BugCrowd
- HackerOne
- Social networks and blogs
- Exploitware Labs
- Philippe Hare Wood
- PortSwigger's blog
- Meetings and networking
- LiveOverflow
- OWASP meetings
- DEFCON meetings
- 2600 meetings
- Conferences
- DEFCON
- BlackHat
- BugCON
- Ekoparty
- Code Blue
- CCC
- H2HC
- 8.8
- Podcasts
- PaulDotCom
- Summary
- Other Books You May Enjoy
- Leave a review - let other readers know what you think