Bug Bounty Bootcamp Cover

Bug Bounty Bootcamp

The Guide to Finding and Reporting Web Vulnerabilities
by Vickie Li
September 2021, 416 pp.
Use coupon code PREORDER to get 25% off!

Download Chapter 7: OPEN REDIRECTS

A comprehensive guide for any web application hacker, Bug Bounty Bootcamp is a detailed exploration of the many vulnerabilities present in modern websites and the hands-on techniques you can use to most successfully exploit them.

Bug Bounty Bootcamp prepares you for participation in bug bounty programs, which companies set up to reward hackers for finding and reporting vulnerabilities in their applications. The Bootcamp begins with guidance on writing high-quality bug reports and building lasting relationships with client organizations. You’ll then set up a hacking lab and dive into the mechanisms of common web vulnerabilities, like XSS and SQL injection, aided by thorough explanations of what causes them, how you can exploit them, where to find them, and how to bypass protections. You’ll also explore recon strategies for gathering intel on a target and automate recon with bash scripting. Finally, you’ll wade into advanced techniques, like hacking mobile apps, testing APIs, and reviewing source code for vulnerabilities.

Along the way, you’ll learn how to:

  • Identify and successfully exploit a wide array of common web vulnerabilities
  • Set up a hacking environment, configure Burp Suite, and use its modules to intercept traffic and hunt for bugs
  • Chain together multiple bugs for maximum impact and higher payouts
  • Bypass protection mechanisms like input sanitization and blocklists to make your attacks succeed
  • Automate tedious bug-hunting tasks with fuzzing and bash scripting
  • Set up an Android app testing environment

Thousands of data breaches happen every year. By understanding vulnerabilities and how they happen, you can help prevent malicious attacks, protect apps and users, and make the internet a safer place. Happy bug hunting!

Author Bio 

Vickie Li is a developer and security researcher experienced in finding and exploiting vulnerabilities in web applications. She has reported vulnerabilities to firms such as Facebook, Yelp and Starbucks and contributes to a number of online training programs and technical blogs.

Table of contents 


Part I: The Industry
Chapter 1: Picking a Bug Bounty Program
Chapter 2: Sustaining Your Success

Part II: Getting Started
Chapter 3: How the Internet Works
Chapter 4: Environmental Setup and Traffic Interception
Chapter 5: Web Hacking Reconnaissance

Part III: Web Vulnerabilities
Chapter 6: Cross-Site Scripting
Chapter 7: Open Redirects
Chapter 8: Clickjacking
Chapter 9: Cross-Site Request Forgery
Chapter 10: Insecure Direct Object References
Chapter 11: SQL Injection
Chapter 12: Race Conditions
Chapter 13: Server-Side Request Forgery
Chapter 14: Insecure Deserialization
Chapter 15: XML External Entity Vulnerabilities
Chapter 16: Template Injection
Chapter 17: Application Logic Errors and Broken Access Control
Chapter 18: Remote Code Execution
Chapter 19: Same Origin Policy Vulnerabilities
Chapter 20: Single-Sign-On Issues
Chapter 21: Information Disclosure

Part IV: Expert Techniques
Chapter 22: Conducting Code Reviews
Chapter 23: Hacking Android Apps
Chapter 24: API Hacking
Chapter 25: Automatic Vulnerability Discovery Using Fuzzers