Page 236 - Hands-On Bug Hunting for Penetration Testers
Cross-Origin Resource Sharing (CORS)
company-sponsored initiatives Cross-Site Request Forgery (CSRF)
about about
Amazon end-to-end example
Facebook report information, gathering
GitHub Cross-Site Scripting (XSS)
Google about
Microsoft Burp Suite
component vulnerabilities in Google Gruyere
Computer Fraud and Abuse Act (CFAA) overview
courses payload options
about payload processing
attack scenario payload sets
attack surface report information, gathering
black box testing testing
Cross-Origin Resource Sharing (CORS) validator
data exfiltration CSRF logout
data leakage CSRF PoCs
data sanitation building
exploit code snippet, creating
fingerprinting programmatically, creating
fuzzing using
Google Dorks validating
Infosec Institute coursework
known component vulnerability D
OSINT Darknet
passive scanning, versus active scanning
URL
payload data exfiltration
penetration testing, with Kali Linux data leak vectors
Proof-of-Concept (PoC) about
red team
client source code
Remote Code Execution (RCE) config files
Rules of Engagement (RoE) error messages
safe harbor hidden fields
scope public code repos
security posture data leakage
single-origin policy about
submission report report information, gathering
terminology data leaks
Udemy penetration testing classes
about
vulnerability access tokens
White box testing
account and application data
workflow API keys
zero-day
encryption keys
critical information hostnames

