Hands-On Bug Hunting for Penetration Testers

▶What this book covers
？ Chapter 1, Joining the Hunt, introduces the concept of bug bounties, their value to companies, and the most common types of programs. It also sets up expectations for what the reader should know going into the book.

？ Chapter 2, Choosing Your Hunting Ground, explains how to evaluate individual bug bounty programs and whether to participate in them. It explains factors such as payouts, community engagement, terms of engagements, and participating in company quality.

？ Chapter 3, Preparing for an Engagement, explains how to prepare for a pentesting engagement, from how to standardize the reconnaissance process, to understanding the application’s attack surface, to the importance of good note taking and, later, preparing submission reports.

？ Chapter 4, Unsanitized Data ？ An XSS Case Study, describes how and where to find XSS vulnerabilities - a variety of code injection that represents one of the most common web application vulnerabilities today.

？ Chapter 5, SQL, Code Injection and Scanners, describes the different varieties of code injection attacks and how to safely test for them, covering different types of injection, such as blind or error-based injection.

？ Chapter 6, CSRF and Insecure Session Authentication, discusses vulnerabilities related to insecure session authentication, focusing on CSRF and how to create a CSRF PoC to test for them.

？ Chapter 7, Detecting XML External Entities (XEE), focuses on XML External Entity vulnerability detection and related XML injection techniques that can work in conjunction with XXE.

？ Chapter 8, Access Control and Security Through Obscurity, goes over how to find hidden information/data leaks in web applications and discerning between what data is important (and will win you an award) and what’s not. It covers different types of sensitive data and gives you examples from the field.

？ Chapter 9, Framework and Application-Specific Vulnerabilities, covers approaching a pentesting engagement from the perspective of testing for application/framework-specific vulnerabilities, focusing on general Known Common Vulnerabilities and Exposures (CVEs), as well as methods for testing WordPress, Rails, and Django apps, including strategies, tools, tips, and tricks.

？ Chapter 10, Formatting Your Report, goes over how to compose a bug report to receive the maximum payout, drawing on examples and information from earlier vulnerability-specific chapters and providing examples (with commentary) on the finer considerations of your submission.

？ Chapter 11, Other Tools, goes over other tools not covered in the course of the vulnerability examples and how to vet new ones. It also explains how to evaluate free versus paid products and jumping off points for pentesting regimens that focus on bugs not detailed extensively in the work (for example, weak WAF rules/network gaps).

？ Chapter 12, Other (Out-of-Scope) Vulnerabilities, goes over other vulnerabilities not covered in the course of the book and why they don’t command payouts in most bug bounty programs.

？ Chapter 13, Going Further, explains where the reader can turn to for more information about participating in bug bounty programs - running through courses and resources for continuing to develop your security acumen. It also features a dictionary of pentesting/security terms to clearly define the way the book employs certain terminology.