Page 29 - Hands-On Bug Hunting for Penetration Testers
P. 29

Joining the Hunt                                                            Chapter 1

            So it's good to put some thought into the exploit's general form d with stored XSS, you
            could rewrite critical parts of the page where the script is being executed, or grab an
            authentication cookie and send it to a server listening for those credentials, or other
            attacks d but assessing the impact of that exploit still falls short of writing code that
            damages people and processes.
            Don't write exploit code. If you're in the United States, the legal penalties are severe d as of
            this writing, the Computer Fraud and Abuse Act (CFAA) means that even a slight
            violation of a site's terms of service can result in a felony. Businesses are also quick to
            prosecute independent researchers not abiding by their rules of engagement, which is
            the condition researchers must follow when probing an application for vulnerabilities. Even
            if there's no threat of legal action, civil or criminal, hacking those sites defrauds innocent
            people, hurts small businesses, provokes a legislative overreaction, erodes privacy, and just
            generally makes the whole web worse.
            It's not worth it.

            With that out of the way, we can move on to the first step in any bug hunting adventure:
            choosing what program to use, what site to explore, along with where d and how d to find
            vulnerabilities.



            Summary

            This chapter has covered the origin and benefits of bug bounty programs, the background
            knowledge you need coming in, an overview of some of the tools we'll use in our
            engagements, how to get the most out of this book (practice on allowed sites), and finally,
            the moral and legal peril you risk by not abiding by a target site's rules of engagement or
            code of conduct.

            In the next chapter, we'll cover different types of bug bounty programs, the key factors
            differentiating them, how you can evaluate where you should participate, as well as what
            applications make good targets, where you should focus your research, and finally, how
            you can use a program's rules of engagement to minimize your legal liability as a security
            researcher.












                                                    [ 14 ]
   24   25   26   27   28   29   30   31   32   33   34