"A comprehensive guide designed to prepare any application security tester for participation in bug bounty programs. Beginning with a thorough overview of how to get started in the bug bounty industry, the book then dives into how to prevent, exploit, and escalate specific vulnerabilities before concluding with in-depth techniques for the experienced hacker"--
Inhaltsverzeichnis
Introduction
Introduction
Part I: The Industry
Chapter 1: Picking a Bug Bounty Program
Chapter 2: Sustaining Your Success
Part II: Getting Started
Chapter 3: How the Internet Works
Chapter 4: Environmental Setup and Traffic Interception
Chapter 5: Web Hacking Reconnaissance
Part III: Web Vulnerabilities
Chapter 6: Cross-Site Scripting
Chapter 7: Open Redirects
Chapter 8: Clickjacking
Chapter 9: Cross-Site Request Forgery
Chapter 10: Insecure Direct Object Reference
Chapter 11: SQL Injection
Chapter 12: Race Conditions
Chapter 13: Server-Side Request Forgery
Chapter 14: Insecure Deserialization
Chapter 15: XML External Entity Vulnerabilities
Chapter 16: Template Injection
Chapter 17: Application Logic Errors and Broken Access Control
Chapter 18: Remote Code Execution
Chapter 19: Same Origin Policy Issues
Chapter 20: Single Sign-on Issues
Chapter 21: Information Disclosure
Part IV: Expert Techniques
Chapter 22: Conducting Code Reviews
Chapter 23: Hacking Android Apps
Chapter 24: API Hacking
Chapter 25: Automatic Vulnerability Discovery Using Fuzzers
Index
