Audience
The target reader does not need any prior knowledge of web application security or mobile application security
in order to read this book. The book will guide the reader through the process of bug bounty hunting and provide all
the knowledge required for the reader to become a successful bug bounty hunter.
Mission
Bug bounty hunting is a new method which companies use to test their applications. The book allows readers
to train themselves as bug bounty hunters to excel in the field of application security.
There is no dedicated methodology in place right now to help researchers upskill themselves and become bug
bounty hunters, which is why there is ambiguity as to what the field is about. The book solves that problem.
The book will start by teaching researchers the basics of bug bounty hunting, such as the platforms, the
reporting methodologies, and the do’s and don’ts. Then it will analyze every web application and mobile
application vulnerability with reference to several bug bounty reports, teaching the reader what the book is
all about.
General structure
Use this section to set out a high-level structure for the book – to set out a series of stages that will take the reader to
the mission’s conclusion and cover the objectives. The aim is to develop a more structured book with a modular
outline that would be easier for our readers to use. We can do this along the following lines:
1. Divide books into approximately 3-5 parts. These will consist of a few chapters each. They will provide a simple
overall structure to the book. This can be as simple as “basics, core content, and advanced techniques”.
2. Each chapter should have a clear focus. Avoid vague divisions like part 1/part 2 or basic/advanced. Each
chapter title should clearly state what aspect of the overall topic the chapter deals with, in language the readers will
easily understand.
3. Each chapter should divide into approximately 5 sections. These will all have a clear focus of their own,
subdividing the chapter’s topic into subtopics or stages.
Each section, chapter, and part should work on its own and flow naturally from section to section. We should assume
that some readers will work through the book cover to cover, and others will come in just for specific sections. The
book must work for both kinds of readers -- as a tutorial and a reference. Each chapter should have a strong focus
and all chapter titles should reflect it.
Before moving into the details, check: is this really giving readers what they want? Does every step move them
significantly closer to the goal? Is there anything I could take out, or anything I need to add to enable the reader to
complete the mission? Feel free to discuss with your editor if you want a second brain involved.
Detailed outline
Introduction
How It All Started
Just Examples and My First Sale
Who This Book Is Written For
Chapter Overview
Word of Warning and a Favour
Background
Getting Started
Information Gathering
Application Testing
Digging Deeper
Summary
Skills Learned:
1. How to start bug bounty hunting
2. What platforms to use
3. How to hunt for bugs in applications
Vulnerability Reports
Read the disclosure guidelines
Include Details Then Include More
Confirm the Vulnerability
Show Respect for the Company
Bounties
Skills:
1. How to write bug bounty reports
2. How to respond to company’s
3. How to increase chances of payout
HTML Injection
Description
Examples
Coinbase Comments
HackerOne Unintended HTML Inclusion
Within Security Content Spoofing
Summary
Skills Learned:
1. What is HTML Injection
2. Top HTML Injection BB reports
3. How to find HTML Injection
Skills Learned:
1. How to find HPP bugs in applications
2. Top HPP Bug Bounty reports
3. HPP Essentials
Description
Twitter HTTP Response Splitting
Shopify com Response Splitting
Summary
Skills Learned:
1. How CRLF attack works
2. What are top CRLF bugs
3. How can CRLF be used against systems
Description
Examples
Shopify Export Installed Users
Shopify Twitter Disconnect
Badoo Full Account Takeover
Summary
Skills Learned:
1. How CSRF attack works
2. Top CSRF BB reports
3. Preventing CSRF attacks
Description
Examples
Shopify Administrator Privilege Bypass
Starbucks Race Conditions
Binary.com Privilege Escalation
HackerOne Signal Manipulation
Shopify S3 Buckets Open
HackerOne S3 Buckets Open
Bypassing GitLab Two Factor Authentication
Yahoo PHP Info Disclosure
HackerOne Hacktivity Voting
The Art of Bug Bounty Hunting Page 5 01 December 2019
Accessing PornHub’s Memcache Installation
Summary
Skills Learned:
1. What are business logic flaws
2. How to find business flaws
3. How do business Logic flaws work
Skills Learned:
1. What are XSS attacks
2. How to find XSS in bug bounty programs
3. Top XSS reports
Skills Learned:
1. How to find SQL injection
2. How does SQL injection work
3. SQL injection in bug bounty program
Description
Examples
Shopify Theme Install Open Redirect
Shopify Login Open Redirect
HackerOne Interstitial Redirect
Summary
Skills Learned:
1. What are open redirect vulnerabilities
2. How to identify them
3. How do they work
Description
Examples
Ubiquiti Subdomain Takeover
Scanme Pointing to Zendesk
Swiping Facebook Official Access Tokens
Summary
Skills Learned:
1. How to find subdomain takeover vulnerabilities
2. What are top bug bounty reports
3. How to prevent SDT
Description
Examples
Polyvore ImageMagick
Summary
Skills Learned:
1. What is an RCE
2. How to find RCE vulnerabilities in BB programs
Description
Examples
Uber Angular Template Injection
Uber Template Injection
Rails Dynamic Render
Summary
Skills Learned:
1. How to find Template injection in web application
2. What is client side and server side template injection
3. How to prevent it
Description
Examples
ESEA SSRF and Querying AWS Metadata
Summary
Burp Suite
Knockpy
HostileSubBruteforcer
sqlmap
Nmap
What CMS
Nikto
Recon-ng
idb
Wireshark
Google Dorks
JD GUI
Mobile Security Framework
Firefox Plugins
Cookie Manager+
Wappalyzer
Skills Learned:
1. What tools to use
2. How to use the tools
3. Where to use them
Description:
In this chapter, the reader will learn about the learning resources that most top bug bounty hunters use to stay on
top of their game. Hackers will learn how to use online platforms to their benefit for learning.
Online Training
Web Application Exploits and Defenses
The Exploit Database
Udacity
Bug Bounty Platforms
Hackerone.com
Bugcrowd.com
Synack.com
Cobalt.io
Video Tutorials
youtube.com/yaworsk
Seccasts.com
Further Reading
OWASP.com
Hackerone.com/hacktivity
Twitter #infosec
Twitter @disclosedh
Web Application Hackers Handbook
Bug Hunters Methodology
Recommended Blog
philippeharewood.com
Philippe’s Facebook Page - www.facebook.com/phwd-
fintenet
shahmeeramir.com
NahamSec.com
blog.it-securityguard.com
blog.innerht.ml
blog.orange.tw
Portswigger Blog
Nvisium Blog
blog.zsec.uk
Bug Crowd Blog
HackerOne Blog
Skills learned:
1. Top online learning blogs
2. Learning methodologies
3. Top techniques used by bug hunters
Author Bio
Shahmeer Amir, ranked 3rd most accomplished bug hunter worldwide, has helped more than 400 organizations,
including Facebook, Microsoft, Yahoo and Twitter, resolve critical security issues in their systems. Following his vision
of a safer internet, Shahmeer Amir is the Founder and CEO of Pakistan's Cyber Security startup Veiliux, aiming to
secure all kinds of organizations. Shahmeer also holds relevant certifications in the field of cyber security from
renowned organizations like EC-Council, Mile2, ELearn Security etc. By profession, Shahmeer is an electrical engineer
working on different IoT products to make the lives of people easier.