Page 17 - Hands-On Bug Hunting for Penetration Testers
Preface
The chapter SQL, Code Injection, and Scanners describes the different varieties of code injection attacks and how to test for them safely, covering the main injection classes such as blind and error-based injection.
The chapter CSRF and Insecure Session Authentication discusses vulnerabilities arising from insecure session handling, focusing on cross-site request forgery (CSRF) and how to build a CSRF proof of concept (PoC) to test for it.
The chapter Detecting XML External Entities (XXE) focuses on detecting XML External Entity vulnerabilities and on related XML injection techniques that can be combined with XXE.
The chapter Access Control and Security Through Obscurity goes over how to find hidden information and data leaks in web applications, and how to discern which leaked data matters (and will earn you an award) from what does not. It covers the different categories of sensitive data and gives examples from the field.
The chapter Framework and Application-Specific Vulnerabilities covers approaching a pentesting engagement from the perspective of testing for application- and framework-specific weaknesses. It focuses on known Common Vulnerabilities and Exposures (CVEs) and on methods for testing WordPress, Rails, and Django applications, including strategies, tools, tips, and tricks.
The chapter Formatting Your Report goes over how to compose a bug report that receives the maximum payout, drawing on examples and information from the earlier vulnerability-specific chapters and providing annotated examples of the finer points of a submission.
The chapter Other Tools goes over tools not covered in the course of the vulnerability examples and how to vet new ones. It also explains how to weigh free against paid products, and offers starting points for pentesting regimens that target bugs not covered in depth in this book (for example, weak WAF rules or network gaps).
The chapter Other (Out-of-Scope) Vulnerabilities goes over vulnerability classes not covered in the course of the book and explains why they don't command payouts in most bug bounty programs.
The chapter Going Further explains where the reader can turn for more information about participating in bug bounty programs, running through courses and resources for continuing to develop your security acumen. It also features a glossary of pentesting and security terms that defines how the book uses its terminology.