Page 16 - Hands-On Bug Hunting for Penetration Testers
Preface
This book is designed to give interested coders (part-time, professional, and otherwise) the
skills they need to start participating in public bug bounty programs, covering both general
pentesting subjects, such as scoping your testing sessions appropriately, and bounty-
specific security topics, such as how to format your bug submission report to ensure the
best chance of earning a reward.
As the need for security audits on the public web grows, crowdsourced solutions are
becoming more popular. This book aims to give you everything you need to participate in
those programs, walking you through important topics with a mix of theory and direct,
hands-on examples.
Who this book is for
This book is written for developers, hobbyists, pentesters, and anyone with an interest (and
maybe a little experience) in web application security and public bug bounty programs.
What this book covers
Chapter 1, Joining the Hunt, introduces the concept of bug bounties, their value to
companies, and the most common types of programs. It also sets expectations for what
the reader should know going into the book.
Chapter 2, Choosing Your Hunting Ground, explains how to evaluate individual bug bounty
programs and decide whether to participate in them. It covers factors such as payouts,
community engagement, terms of engagement, and the quality of the participating company.
Chapter 3, Preparing for an Engagement, explains how to prepare for a pentesting
engagement, from standardizing the reconnaissance process, to understanding the
application's attack surface, to the importance of good note taking and, later, preparing
submission reports.
Chapter 4, Unsanitized Data: An XSS Case Study, describes how and where to find XSS
vulnerabilities, a variety of code injection that represents one of the most common web
application vulnerabilities today.