Page 8 - Hands-On Bug Hunting for Penetration Testers
Table of Contents
Preface 1
Chapter 1: Joining the Hunt 6
Technical Requirements 6
The Benefits of Bug Bounty Programs 7
What You Should Already Know – Pentesting Background 10
Setting Up Your Environment – Tools To Know 10
What You Will Learn – Next Steps 12
How (Not) To Use This Book – A Warning 12
Summary 14
Questions 15
Further Reading 15
Chapter 2: Choosing Your Hunting Ground 16
Technical Requirements 16
An Overview of Bug Bounty Communities – Where to Start Your Search 16
Third-Party Marketplaces 17
Bugcrowd 17
HackerOne 18
Vulnerability Lab 19
BountyFactory 19
Synack 19
Company-Sponsored Initiatives 20
Google 21
Facebook 21
Amazon 22
GitHub 22
Microsoft 22
Finding Other Programs 23
Money Versus Swag Rewards 23
The Internet Bug Bounty Program 24
ZeroDisclo and Coordinated Vulnerability Disclosures 24
The Vulnerability of Web Applications – What You Should Target 26
Evaluating Rules of Engagement – How to Protect Yourself 27
Summary 29
Questions 29
Further Reading 30
Chapter 3: Preparing for an Engagement 31
Technical Requirements 32