Page 29 - Hands-On Bug Hunting for Penetration Testers
Joining the Hunt Chapter 1
So it's good to put some thought into the exploit's general form — with stored XSS, you
could rewrite critical parts of the page where the script is being executed, or grab an
authentication cookie and send it to a server listening for those credentials, or other
attacks — but assessing the impact of that exploit still falls short of writing code that
damages people and processes.
Don't write exploit code. If you're in the United States, the legal penalties are severe — as of
this writing, the Computer Fraud and Abuse Act (CFAA) means that even a slight
violation of a site's terms of service can result in a felony. Businesses are also quick to
prosecute independent researchers not abiding by their rules of engagement, which are
the conditions researchers must follow when probing an application for vulnerabilities. Even
if there's no threat of legal action, civil or criminal, hacking those sites defrauds innocent
people, hurts small businesses, provokes a legislative overreaction, erodes privacy, and just
generally makes the whole web worse.
It's not worth it.
With that out of the way, we can move on to the first step in any bug hunting adventure:
choosing what program to use, what site to explore, along with where — and how — to find
vulnerabilities.
Summary
This chapter has covered the origin and benefits of bug bounty programs, the background
knowledge you need coming in, an overview of some of the tools we'll use in our
engagements, how to get the most out of this book (practice on allowed sites), and finally,
the moral and legal peril you risk by not abiding by a target site's rules of engagement or
code of conduct.
In the next chapter, we'll cover different types of bug bounty programs, the key factors
differentiating them, how you can evaluate where you should participate, as well as what
applications make good targets, where you should focus your research, and finally, how
you can use a program's rules of engagement to minimize your legal liability as a security
researcher.
[ 14 ]