Page 229 - Hands-On Bug Hunting for Penetration Testers
Assessment
3. The wpscan CLI allows for greater integration with your existing automation
suite, but the Burp extension better supports passive scanning functionality.
4. Always keep in mind the opinionated structure of Rails and historical
weaknesses with session authentication when probing for vulnerabilities.
5. Docker provides a simple, containerized structure for encapsulating any
dependency set your tools might need, making them more portable and
extensible.
6. OVAL stands for Open Vulnerability Assessment Language and is a series of
definitions that describe standardized, machine-readable tests for known
vulnerabilities.
7. Leaving the Django DEBUG mode on is a common problem that can potentially
provide a path to an attack scenario. Also, look for any exposed admin
functionality associated with Django's default admin page.
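As an added illustration of the two Django points in answer 7 (this is example code written for this page, not code from the book), the following static check parses a project's settings.py and urls.py with Python's ast module and reports a DEBUG setting hard-coded to True and an admin site mounted at its default admin/ route. The settings and URL snippets are constructed samples, and the non-default admin route in the hardened sample is an assumed value chosen only for the demonstration.

```python
import ast

# Constructed sample inputs for the demonstration (not from any real project).
WEAK_SETTINGS = """
DEBUG = True
ALLOWED_HOSTS = []
"""

HARDENED_SETTINGS = """
import os
# Resolved at runtime; must be verified to evaluate to False in production.
DEBUG = os.environ.get("DJANGO_DEBUG", "") == "1"
"""

WEAK_URLS = """
from django.contrib import admin
from django.urls import path
urlpatterns = [
    path('admin/', admin.site.urls),
]
"""

HARDENED_URLS = """
from django.contrib import admin
from django.urls import path
urlpatterns = [
    path('manage-console-7f3a/', admin.site.urls),  # assumed non-default route
]
"""


def debug_assignments(settings_src):
    """Classify every assignment to DEBUG in a settings module as
    'true', 'false' (literal booleans) or 'dynamic' (computed at runtime)."""
    results = []
    for node in ast.walk(ast.parse(settings_src)):
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id == "DEBUG":
                value = node.value
                if isinstance(value, ast.Constant) and isinstance(value.value, bool):
                    results.append("true" if value.value else "false")
                else:
                    results.append("dynamic")
    return results


def admin_mount_points(urls_src):
    """Return the route strings under which admin.site.urls is mounted
    via path()/re_path()/url() calls in a URL configuration module."""
    mounts = []
    for node in ast.walk(ast.parse(urls_src)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)):
            continue
        if node.func.id not in ("path", "re_path", "url") or len(node.args) < 2:
            continue
        route, target = node.args[0], node.args[1]
        if isinstance(route, ast.Constant) and ast.unparse(target) == "admin.site.urls":
            mounts.append(route.value)
    return mounts


def audit(settings_src, urls_src):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    debug = debug_assignments(settings_src)
    if "true" in debug:
        findings.append("DEBUG is hard-coded to True")
    elif "dynamic" in debug:
        findings.append("DEBUG is set dynamically; confirm it resolves to False in production")
    elif not debug:
        findings.append("DEBUG is never assigned (Django defaults it to False)")
    for route in admin_mount_points(urls_src):
        if route == "admin/":
            findings.append("admin site mounted at default path 'admin/'")
    return findings


if __name__ == "__main__":
    for label, s, u in (("weak", WEAK_SETTINGS, WEAK_URLS),
                        ("hardened", HARDENED_SETTINGS, HARDENED_URLS)):
        print(label, audit(s, u))
```

Because the check works on source text rather than an imported settings module, it runs without Django installed and can be pointed at a repository checkout in a pre-deployment pipeline; a dynamic DEBUG value is deliberately reported as something to verify rather than treated as safe.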
Chapter 10
1. RCE stands for Remote Code Execution.
2. Links to OWASP or other respected security organization pages about your
specific variety of bug can help everyone involved in vetting the vulnerability get
on the same page.
3. Every bug report submission should absolutely contain the type of vulnerability,
a description, timestamp, attack scenario, and steps to reproduce, at minimum.
4. The VRT is a set of standards created by Bugcrowd to foster a common
understanding of vulnerability severity for researchers, developers, and other
security stakeholders. CVSS is a similar, compatible system.
5. If an internal team can't reproduce your issue, they can't be certain of its severity
and impact.
6. Well-written attack scenarios are specific, technically informed, documented, and
realistic. They convey the gravity of the situation without overreaching.
7. HackerOne's Hacktivity section and Vulnerability Lab's home page, among
others, are great resources for bug reports documenting production
vulnerabilities.
8. Screenshots, plain text files, and other supporting documentation are all important
to include in your bug report.