Page 231 - Hands-On Bug Hunting for Penetration Testers
Assessment
6. Physical testing involves breaking into a company's actual office or building to
gain access to a network through an on-site device. For public bug bounty
programs, it is completely out of scope.
7. If a CSRF bug is associated with an anonymous form or other unprivileged
input, there's not enough of an attack scenario to warrant a payout: CSRF only
matters when the forged request rides on a victim's authenticated session to
perform a state-changing action the victim did not intend.
8. Dark patterns are UX designs that are intended to trick or defraud users.
9. Most services can be brute-forced, given enough time and resources. Pointing
this out does not constitute useful, actionable security advice.
Chapter 13
1. The SANS Institute and Bugcrowd blogs, along with Darknet, HighOn.Coffee,
and others, all represent good sources for up-to-date technical tutorials and
security news.
2. Public bug bounties, which do not grant researchers privileged access to source
code, are strictly Black Box affairs.
3. RCE allows for a staggering array of exploits. With the full power of a
Turing-complete scripting language executing on the target, the damage is
limited only by what the compromised process can access.
4. "Safe Harbor" here is used to describe the policy that companies won't prosecute
researchers who abide by certain terms.
5. Cross-Origin Resource Sharing (CORS) is the browser mechanism by which a
server can selectively relax the same-origin policy for resource requests
coming from other origins; an origin is the combination of scheme, hostname,
and port.
6. An organization's security posture is simply its ability to deter, detect, and
respond to digital threats.
7. Fingerprinting an application provides you with server software and version
information, application language, database information, and other useful data
points to shape your pentesting engagement.
8. OSCP stands for Offensive Security Certified Professional and is a professional
certification offered by Offensive Security.
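The origin-validation logic behind item 5, as an added example that is not part of the book: a pair of Python functions contrasting the misconfiguration bug hunters look for (reflecting any Origin back with credentials allowed) with an allow-list check that compares the full scheme://host[:port] tuple. The allow-list entries and the origins exercised are constructed for the example.

```python
"""Added example: server-side Origin validation for CORS.

Illustrative code written for this page, not from the book. It shows the
vulnerable pattern (echo any Origin with credentials) next to an allow-list
check that treats an origin as scheme + host + port, with default ports
normalized so equal origins compare equal.
"""
from urllib.parse import urlsplit

# Constructed allow-list for the example; a real app loads its own.
ALLOWED_ORIGINS = {
    "https://app.example.com",
    "https://admin.example.com:8443",
}


def cors_headers_vulnerable(origin):
    """Reflect whatever Origin the browser sent and allow credentials.

    Any site can then make credentialed cross-origin requests and read the
    response: the classic CORS misconfiguration a bug hunter tests for.
    """
    if not origin:
        return {}
    return {
        "Access-Control-Allow-Origin": origin,
        "Access-Control-Allow-Credentials": "true",
    }


def normalize_origin(origin):
    """Return scheme://host[:port] in canonical form, or None if malformed.

    An Origin header never carries a path, query, fragment or userinfo, so
    anything with those parts is rejected. Default ports are dropped so
    https://a.example.com and https://a.example.com:443 compare equal.
    """
    try:
        parts = urlsplit(origin)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    if parts.path or parts.query or parts.fragment or parts.username:
        return None
    host = parts.hostname.lower()
    default_port = 443 if parts.scheme == "https" else 80
    if port is None or port == default_port:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def cors_headers_hardened(origin):
    """Allow credentials only for an exact, normalized allow-list match.

    Suffix checks such as origin.endswith("example.com") are deliberately
    avoided: they would accept https://evilexample.com and
    https://example.com.attacker.net. The "null" origin and malformed
    values fall through to an empty header set, i.e. no CORS grant.
    """
    norm = normalize_origin(origin) if origin else None
    if norm is None or norm not in ALLOWED_ORIGINS:
        return {}
    return {
        "Access-Control-Allow-Origin": norm,
        "Access-Control-Allow-Credentials": "true",
        "Vary": "Origin",  # keep caches from serving one origin's grant to another
    }


if __name__ == "__main__":
    for probe in ("https://attacker.example", "https://app.example.com:443",
                  "https://app.example.com.attacker.net", "null"):
        print(probe, "->", cors_headers_vulnerable(probe), cors_headers_hardened(probe))
```

When testing a target, send an Origin you control, an origin that shares a suffix with the allowed one, and the literal `null`; a credentialed `Access-Control-Allow-Origin` echoing any of those is the finding.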
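A first pass at the fingerprinting described in item 7, as an added example not taken from the book: Python that parses a captured HTTP response head and pulls server, framework and version hints from the Server, X-Powered-By and X-AspNet-Version headers and from session-cookie names. The sample response and the cookie-name table are constructed for the example; extend the table from your own notes.

```python
"""Added example: passive fingerprinting from one captured HTTP response.

Illustrative code written for this page, not from the book. It extracts the
product/version tokens and platform hints a bug hunter records before any
active probing. Headers are parsed by hand so it runs offline on a pasted
response from Burp or curl -i.
"""
import re

# Session-cookie names that give away the application platform.
# Constructed table for this example; lowercased for case-insensitive lookup.
COOKIE_HINTS = {
    "phpsessid": "PHP",
    "jsessionid": "Java servlet container",
    "asp.net_sessionid": "ASP.NET",
    "connect.sid": "Node.js (Express)",
    "csrftoken": "Django",
    "_rails_session": "Ruby on Rails",
}

# Matches product/version tokens such as "Apache/2.4.29" or "PHP/7.2.24".
VERSION_TOKEN = re.compile(r"([A-Za-z][\w.\-]*)/(\d+(?:\.\d+)*)")

# Constructed sample response for the example (not a real target).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.29 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.2.24\r\n"
    "Set-Cookie: PHPSESSID=3f1c9a; path=/; HttpOnly\r\n"
    "Set-Cookie: lang=en; path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><body>hello</body></html>\r\n"
)


def parse_headers(raw):
    """Split a raw HTTP response into (status_line, [(name, value), ...]).

    Names are lowercased because header names are case-insensitive; repeated
    headers such as Set-Cookie are kept as separate pairs. Parsing stops at
    the first blank line, where the body begins.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status = lines[0].strip()
    headers = []
    for line in lines[1:]:
        if ":" not in line:
            continue  # malformed line: skip rather than crash on odd servers
        name, value = line.split(":", 1)
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def fingerprint(raw):
    """Build a passive fingerprint dictionary from one captured response."""
    status, headers = parse_headers(raw)
    fp = {
        "status": status,
        "server": None,      # raw Server header, if present
        "powered_by": None,  # raw X-Powered-By header, if present
        "versions": {},      # product -> version from version-bearing headers
        "platform": set(),   # inferred application platforms
        "cookies": [],       # cookie names seen in Set-Cookie, in order
    }
    for name, value in headers:
        if name == "server":
            fp["server"] = value
            fp["versions"].update(VERSION_TOKEN.findall(value))
        elif name == "x-powered-by":
            fp["powered_by"] = value
            found = dict(VERSION_TOKEN.findall(value))
            fp["versions"].update(found)
            fp["platform"].update(found)  # product names, e.g. PHP
        elif name == "x-aspnet-version":
            fp["versions"]["ASP.NET"] = value
            fp["platform"].add("ASP.NET")
        elif name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            fp["cookies"].append(cookie_name)
            hint = COOKIE_HINTS.get(cookie_name.lower())
            if hint:
                fp["platform"].add(hint)
    fp["platform"] = sorted(fp["platform"])  # stable output for reports
    return fp


if __name__ == "__main__":
    for key, val in fingerprint(SAMPLE_RESPONSE).items():
        print(f"{key}: {val}")
```

A bare `Server: cloudflare` or `Server: nginx` with no version usually means an edge proxy is in front of the origin; the fingerprint then records the product with no version, and the cookie names and X-Powered-By become the more useful signals.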
[ 216 ]

