Page 180 - Hands-On Bug Hunting for Penetration Testers

Formatting Your Report                                                     Chapter 10

If you're reporting on a vulnerability that features a payload, that's important. Including
links to reference pages from OWASP, NIST, and other respected security organizations
can also be an effective way of clearly communicating the nature and type of vulnerability:
directly referencing an OWASP page for a certain XSS type, for example
(https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)),
immediately shows that you're familiar with the nature of the bug and understand
its fundamental principles. If you're writing about an attack scenario enabled by a Known
Component Vulnerability, it's vital that you include its CVE ID and a link to its
vulnerability page.

Your attack might make flat files accessible, or they might be included as evidence
of the vulnerability (for example, maybe you've discovered an old sample config file on the
server with real credential values and you want to send a copy as part of your submission).
While you might be able to send the files as corroborating evidence with your report, bear in
mind that you should only send relatively safe files, such as .txt, .json, .xml, or
other common data types. No security team wants to risk the accidental execution of an .exe
or other potential malware. If possible, only include the relevant portion of the total file.
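As an added example (not code from the book), here is a small pre-submission screen for evidence files in Python: it applies the safe-extension list above, refuses anything whose content looks executable regardless of its name, and trims a file down to the lines that actually show the finding. The sample config file and the function names are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Extensions the text calls "relatively safe" data types for report evidence.
SAFE_SUFFIXES = {".txt", ".json", ".xml"}

# Leading bytes of executable or archive formats that should never ride along
# in a submission, even when the file has been renamed to a .txt extension.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"#!": "script with an interpreter line",
    b"PK\x03\x04": "ZIP archive (may wrap an executable)",
}

def classify_attachment(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (is_safe, reason) for a file you intend to attach as evidence."""
    suffix = PurePosixPath(filename).suffix.lower()
    if suffix not in SAFE_SUFFIXES:
        return False, f"extension {suffix or '(none)'} is not on the safe list"
    for magic, kind in EXECUTABLE_MAGIC.items():
        if data.startswith(magic):
            return False, f"content looks like a {kind} despite the {suffix} name"
    if b"\x00" in data:
        return False, "binary content (NUL bytes) in a supposedly text file"
    try:
        data.decode("utf-8")
    except UnicodeDecodeError:
        return False, "not valid UTF-8 text"
    return True, "plain text data file"

def relevant_excerpt(text: str, pattern: str, context: int = 1) -> str:
    """Keep only the lines matching `pattern` plus `context` lines around each,
    so the submission carries the evidence rather than the whole file."""
    lines = text.splitlines()
    keep = set()
    for i, line in enumerate(lines):
        if re.search(pattern, line, re.IGNORECASE):
            keep.update(range(max(0, i - context), min(len(lines), i + context + 1)))
    return "\n".join(lines[i] for i in sorted(keep))

# Constructed sample: an old config file found on a server (not real data).
SAMPLE_CONFIG = """[app]
debug = true
[database]
host = db.internal
password = hunter2
[mail]
smtp_host = mail.internal
"""
```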

Maximizing Your Award - The Features That Pay

If you'd like to get a sense of the payout you can expect for a certain bug, it's useful to look
at both the individual page of the bounty you're participating in and a vulnerability rating
system created by Bugcrowd called the Vulnerability Rating Taxonomy (VRT). The VRT
(https://bugcrowd.com/vulnerability-rating-taxonomy) is an attempt to systematically
assess a vulnerability's severity in a way that provides a common frame of reference for
researchers, developers, and managers alike. The VRT is also compatible with another
attempt at providing a common threat metric, the Common Vulnerability Scoring System
(CVSS): a VRT rating can be used to calculate a CVSS score. Understanding the VRT can help
you direct your efforts to bugs that will give you the most value for your time.