Page 194 - Hands-On Bug Hunting for Penetration Testers

Other Tools, Chapter 11

Awesome Web Security

The awesomelists.top brand publishes curated content for a variety of tech niches (they have their own awesome AWS series, naturally). Their security list, awesome web security (https://github.com/qazbnm456/awesome-web-security), is a great resource, and even links to other related curated repos, such as the organization's own awesome-bug-bounty collection of bug bounty resources. It also contains a number of links to great write-ups and walkthroughs on topics such as browser extension data leaks, IoT vulnerability scanning, and how data science and machine learning intersect with security.


Kali Linux

Kali (formerly BackTrack) is a security-focused Linux distribution that comes pre-packaged with a lot of the tools we've been using throughout the book, such as Burp Suite, as well as others, such as Maltego, Metasploit, and Wireshark.

And because you can boot and run Kali from a live CD, it's potentially very lightweight. There's no need to do a persistent install on hardware and no need to write any data to disk. These two features of Kali (its portability and preloaded assets) make it a great choice for pentesters who might not have regular access to their own machine.


Source Code Analysis (White Box) Tools

Source code analysis is typically outside the scope of a public bug bounty program (which is why it doesn't get more coverage in this book). Companies are naturally hesitant to open their source code to a body of security researchers if open source isn't a part of their business model.

But if you find yourself in a private contract where you engage in white box testing with access to source code, or you have access to the code through GitHub or Bitbucket, there are several tools you can use to help identify problem areas.


Pytaint

Pytaint is a tool for taint analysis of Python code. That means tracing the flow of data through the application, from entry points such as input fields, API endpoints and other ingress pipelines to the places where that data is used, looking for spots where it is mishandled or improperly sanitized.
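The source-to-sink tracing that taint analysis performs can be seen in the small static checker below, added here as an illustration (it is not Pytaint's own code or API): it parses a constructed Flask-style handler with Python's ast module, marks names assigned from a source (request.args.get, assumed to be attacker-controlled), clears the mark when a sanitizer (shlex.quote) is applied, and reports sink calls (os.system, subprocess.call) that still receive tainted data.

```python
import ast

# Constructed sample (not from the book): user input reaches os.system, raw and then via shlex.quote.
SAMPLE = '''
def ping():
    host = request.args.get("host")
    cmd = "ping -c 1 " + host
    os.system(cmd)
    safe = shlex.quote(host)
    os.system("ping -c 1 " + safe)
'''
# Hypothetical source/sink/sanitizer tables; a real tool ships much larger ones.
SOURCES, SINKS, SANITIZERS = {"request.args.get"}, {"os.system", "subprocess.call"}, {"shlex.quote"}

def dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None

def is_tainted(expr, tainted):
    """Conservatively decide whether an expression carries source data."""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        name = dotted(expr.func)
        if name in SANITIZERS:          # a sanitizer call breaks the taint chain
            return False
        return name in SOURCES or any(is_tainted(a, tainted) for a in expr.args)
    if isinstance(expr, ast.BinOp):     # string concatenation propagates taint
        return is_tainted(expr.left, tainted) or is_tainted(expr.right, tainted)
    return False

def find_taint_flows(source):
    """Return (line, sink) for each sink call fed by unsanitized source data."""
    findings = []
    for func in (n for n in ast.walk(ast.parse(source)) if isinstance(n, ast.FunctionDef)):
        tainted = set()                 # names currently holding source data
        for stmt in func.body:          # top-level statements, in source order
            if isinstance(stmt, ast.Assign) and isinstance(stmt.targets[0], ast.Name):
                if is_tainted(stmt.value, tainted):
                    tainted.add(stmt.targets[0].id)
                else:                   # a clean reassignment clears the mark
                    tainted.discard(stmt.targets[0].id)
            elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
                sink = dotted(stmt.value.func)
                if sink in SINKS and any(is_tainted(a, tainted) for a in stmt.value.args):
                    findings.append((stmt.lineno, sink))
    return findings
```

The checker is intraprocedural and only looks at a function's top-level statements; a real engine follows data across calls, branches, containers and f-strings, which is where a dedicated tool earns its keep.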



