Page 216 - Hands-On Bug Hunting for Penetration Testers
Going Further Chapter 13
Black Box Testing
In black box testing scenarios, the auditing researcher does not have access to the
underlying source code, architecture documents, internal wikis, or any other information
available to the internal development teams at the audited company. All of the scenarios in
this book and all the advice given assume a black box framework.
Bugs
The term bugs is used synonymously with vulnerabilities. It's important to note here that
the usage of "bug" does not include functional UX/UI bugs (for example, a modal opens and
closes before you can fill out a form, a CSS artifact keeps you from reading an explanatory
tooltip, the text color is too light to be read, and so on). We mean bug only in the sense that
the term is used in the security/pentesting community.
Bug Bounty Programs
This book focuses on public or near-public programs that reward researchers for
contributing valid vulnerability discoveries to the company or companies behind the
program. Sometimes that reward comes in a gamified point system (Bugcrowd's kudos),
swag, recognition (often on a wall of fame-type display), money, or some combination of
these. The term near-public refers to private bounty programs where invitations to test the
application are awarded to researchers on the basis of past performance, average severity of
vulnerabilities discovered, and other career stats. This definition of bug bounty programs
leaves out situations where an individual or team of pentesters signs an exclusive contract
for their services. In that case, many of the techniques we discuss will still carry over, but
the format and nature of the reports would differ.
CORS
Cross-Origin Resource Sharing (CORS) is a mechanism by which services with different
origins (IP addresses, ports, and so on) can, well, share resources. CORS comes up in our
discussion of XSS in the Unsanitized Data – An XSS Case Study chapter, when we discuss the
same-origin policy.
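The following is an added example, not code from the book, that models the two halves of this glossary entry: how an origin is compared under the same-origin policy (scheme, host and port together), and what a server's CORS response headers look like when it decides to share a resource with another origin. The allowlist, the origin names and the response headers are constructed sample values; `cors_headers` and `audit_cors_response` are hypothetical helper names chosen for this example. The audit function flags the header combinations that matter in a report: a reflected or wildcard `Access-Control-Allow-Origin`, and the higher-impact case where credentials are allowed as well.

```python
"""Added example (not from the book): origin comparison, a strict CORS allowlist,
and a check that flags permissive CORS responses during a black box audit."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_origin(origin):
    """Reduce an origin string to the (scheme, host, port) triple that defines it.
    Returns None for anything that is not a plain origin (no path, bad port, etc.)."""
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname or parts.path not in ("", "/"):
        return None
    return (parts.scheme, parts.hostname.lower(), port or DEFAULT_PORTS[parts.scheme])


def same_origin(a, b):
    """The same-origin policy treats two URLs as the same origin only when
    scheme, host and port all match; a different port or scheme is a different origin."""
    pa, pb = parse_origin(a), parse_origin(b)
    return pa is not None and pa == pb


def cors_headers(request_origin, allowed_origins, allow_credentials=False):
    """Response headers a server should emit for a request carrying `Origin`.
    Only origins on the explicit allowlist get Access-Control-Allow-Origin;
    everything else gets no CORS headers at all (the browser then blocks the read)."""
    requested = parse_origin(request_origin) if request_origin else None
    if requested is None:
        return {}
    for allowed in allowed_origins:
        if parse_origin(allowed) == requested:
            # Echo the matched origin (never "*") and tell caches the answer varies by Origin.
            headers = {"Access-Control-Allow-Origin": request_origin, "Vary": "Origin"}
            if allow_credentials:
                headers["Access-Control-Allow-Credentials"] = "true"
            return headers
    return {}


def audit_cors_response(request_origin, response_headers, trusted_origins):
    """Given the Origin sent and the headers received, return a list of findings.
    `trusted_origins` is the set of origins the tester has identified as the
    application's own; anything else being reflected is reportable."""
    findings = []
    acao = response_headers.get("Access-Control-Allow-Origin")
    creds = response_headers.get("Access-Control-Allow-Credentials", "").lower() == "true"
    if acao is None:
        return findings
    if acao == "*":
        # Browsers refuse "*" together with credentials, but it still shows a
        # policy that was never scoped; without credentials it exposes only public data.
        findings.append("wildcard Access-Control-Allow-Origin" +
                        (" combined with credentials (misconfigured policy)" if creds else ""))
        return findings
    if acao == "null":
        findings.append("Access-Control-Allow-Origin 'null'" +
                        (" with credentials" if creds else ""))
        return findings
    trusted = {parse_origin(t) for t in trusted_origins}
    if acao == request_origin and parse_origin(acao) not in trusted:
        findings.append("untrusted origin reflected in Access-Control-Allow-Origin" +
                        (" with credentials: authenticated responses readable cross-site"
                         if creds else ""))
    return findings


if __name__ == "__main__":
    # Constructed sample values for a quick demonstration.
    allowlist = ["https://app.example.com", "https://partner.example"]
    print(cors_headers("https://partner.example", allowlist, allow_credentials=True))
    reflected = {"Access-Control-Allow-Origin": "https://other.example",
                 "Access-Control-Allow-Credentials": "true"}
    print(audit_cors_response("https://other.example", reflected, allowlist))
```

The allowlist comparison goes through `parse_origin` rather than string equality so that `https://app.example.com` and `https://app.example.com:443/` are recognised as the same origin, while `http://app.example.com` is not; that is the distinction the same-origin policy draws and the one a CORS allowlist has to preserve.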