Page 12 - Hands-On Bug Hunting for Penetration Testers

Table of Contents

                Summary                                                                       142
                Questions                                                                     143
                Further Reading                                                               143
             Chapter 9: Framework and Application-Specific Vulnerabilities                    144
                Technical Requirements                                                        145
                Known Component Vulnerabilities and CVEs – A Quick Refresher                  147
                WordPress – Using WPScan                                                      148
                    WPScan as a Dockerized CLI                                                148
                    Burp and WPScan                                                           153
                Ruby on Rails – Rubysec Tools and Tricks                                      157
                    Exploiting RESTful MVC Routing Patterns                                   158
                    Checking the Version for Particular Weaknesses                            158
                    Testing Cookie Data and Authentication                                    158
                Django – Strategies for the Python App                                        158
                    Checking for DEBUG = True                                                 159
                    Probing the Admin Page                                                    159
                Summary                                                                       159
                Questions                                                                     160
                Further Reading                                                               160
             Chapter 10: Formatting Your Report                                               161
                Technical Requirements                                                        161
                Reproducing the Bug – How Your Submission Is Vetted                           162
                Critical Information – What Your Report Needs                                 164
                Maximizing Your Award – The Features That Pay                                 165
                Example Submission Reports – Where to Look                                    167
                Hackerone Hacktivity                                                          168
                Vulnerability Lab Archive                                                     169
                GitHub                                                                        170
                Summary                                                                       171
                Questions                                                                     171
                Further Reading                                                               171
             Chapter 11: Other Tools                                                          172
                Technical Requirements                                                        172
                Evaluating New Tools – What to Look For                                       173
                Paid Versus Free Editions – What Makes a Tool Worth It?                       173
                A Quick Overview of Other Options – Nikto, Kali, Burp Extensions, and More    176
                    Scanners                                                                  176
                       Nikto                                                                  176
                       Zed Attack Proxy                                                       176
                       w3af                                                                   176
                       nmap and python-nmap                                                   177

