Page 225 - Hands-On Bug Hunting for Penetration Testers

Assessment

Chapter 2

1. Companies such as Bugcrowd and HackerOne will provide a standardized submission template form, disclosure guidelines, and payment system for the participants of their programs, whereas individual company programs have to be evaluated and complied with on an individual basis.
2. Yes! In addition to giving you valuable experience, it can open the doors to private programs that offer better testing opportunities.
3. We use this term to refer to private bounty programs on platforms like Bugcrowd where invites are only extended to a pre-selected, screened number of researchers who meet certain criteria.
4. You can find more resources in the Other tools and Going further sections.
5. An older site with more opportunities for user inputs, using software that is not updated regularly, and maintained by a small organization will find it naturally harder to secure their attack surface than a large company with a smaller attack surface and an internal security team.
6. Coordinated Vulnerability Disclosure is a process and set of standards for disclosing a vulnerability to a company through a third party.
7. Following the rules of engagement closely is essential! Use tools to keep your automated portions in scope.

Chapter 3

1. wfuzz, paired with a comprehensive wordlist, represents a powerful brute force mapping tool that's effective, but should be used only when brute forcing is appropriate.
2. Site maps are a simple, free shortcut to basic reconnaissance. If one doesn't exist, you can use Burp Spider to map the target application.
3. If you're looking for a lower-impact alternative for mapping an attack surface, you can navigate the target application with the browser connected to your Burp Proxy and Burp will automatically build a sitemap.
4. Scrapy is a great, extensible solution for scraping sites.
5. Writing short, single-purpose scripts allows you to mix and match functionality, with a common foundation of text ensuring interoperability.
6. SecLists is an excellent curated resource of a variety of malicious inputs.
7. Striker is a Python scanner that is particularly useful in that it has DNS gathering capabilities.
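Two of the answers above come together in practice: a site map is a free source of candidate URLs (Chapter 3, answer 2), and any automated tooling fed from it must be kept within the program's rules of engagement (Chapter 2, answer 7). The script below is an added example, not the book's code: it parses a sitemap document and keeps only the URLs whose host falls inside an allow list and outside an explicit exclusion list. The scope entries and the sitemap contents are constructed for illustration; a real program's scope comes from its program page.

```python
"""Added example: keep site-map URLs inside a bug bounty program's scope.

The ALLOW / DENY lists and SAMPLE_SITEMAP are constructed for this example and
do not describe any real program."""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"

# Constructed scope. A wildcard covers subdomains only; if the apex domain is
# in scope it must be listed on its own. Exclusions always win over inclusions.
ALLOW = ["*.example.com", "api.example.net"]
DENY = ["payments.example.com"]

# Constructed sitemap of the kind a site publishes at /sitemap.xml.
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://www.example.com/</loc></url>
  <url><loc>https://www.example.com/login</loc></url>
  <url><loc>https://payments.example.com/checkout</loc></url>
  <url><loc>https://cdn.example-static.net/app.js</loc></url>
  <url><loc>https://API.example.net/v1/users</loc></url>
</urlset>"""


def host_of(url: str) -> str:
    """Lower-cased host of a URL. urlsplit drops userinfo and port, so a URL
    like http://www.example.com@evil.net/ yields 'evil.net', not the decoy.
    Anything without a parseable host yields '' and is treated as out of scope."""
    host = urlsplit(url).hostname
    return host.lower() if host else ""


def host_matches(host: str, pattern: str) -> bool:
    """Match a host against one scope entry. '*.example.com' matches
    'a.example.com' and 'a.b.example.com' but neither 'example.com'
    nor 'example.com.evil.net'."""
    pattern = pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # pattern[1:] == '.example.com'
    return host == pattern


def in_scope(url: str, allow=ALLOW, deny=DENY) -> bool:
    """True only if the host matches an allow entry and no deny entry."""
    host = host_of(url)
    if not host:
        return False
    if any(host_matches(host, p) for p in deny):
        return False
    return any(host_matches(host, p) for p in allow)


def sitemap_urls(xml_text: str) -> list:
    """Extract every <loc> entry from a urlset-style sitemap document."""
    root = ET.fromstring(xml_text)
    return [loc.text.strip() for loc in root.iter(SITEMAP_NS + "loc") if loc.text]


def in_scope_targets(xml_text: str, allow=ALLOW, deny=DENY) -> list:
    """Site-map URLs that a spider or fuzzer may be pointed at under this scope."""
    return [u for u in sitemap_urls(xml_text) if in_scope(u, allow, deny)]


if __name__ == "__main__":
    for url in sitemap_urls(SAMPLE_SITEMAP):
        print(("IN  " if in_scope(url) else "OUT ") + url)
```

The matching is deliberately strict: wildcards never cover the apex domain, the host is compared after lower-casing, and a URL with credentials in front of the host is judged on the real host, since the cheapest way to stay within the rules of engagement is to refuse anything the scope does not clearly permit.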

