Page 211 - Hands-On Bug Hunting for Penetration Testers
Other (Out of Scope) Vulnerabilities Chapter 12
6. What is physical testing?
7. What are some things that can make a CSRF vulnerability out-of-scope?
8. What are dark patterns?
9. Why aren't brute force-related vulnerabilities rewarded with payouts?
Further Reading
You can find out more about some of the topics we have discussed in this chapter at:
Facebook Self-XSS Scam: https://www.tomsguide.com/us/facebook-self-xss,news-….html
GitHub DDoS Attack: https://www.theregister.co.uk/…/worlds_biggest_ddos_attack_record_broken_after_just_five_days
TLS/SSL Vulnerability Attacks: https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part
Detectify Labs on CSRF Logouts: https://labs.detectify.com/…/loginlogout-csrf-time-to-reconsider
Dark Patterns: https://darkpatterns.org

