245 8th Street
San Francisco, CA 94103







Katie Haemmerle, Marketing Associate

[email protected], 415.294.3739


Real-World Bug Hunting

A field guide to finding and reporting web vulnerabilities


San Francisco, CA (June 20, 2019): Real-World Bug Hunting ($39.95, 256 pp., June 2019) is the hacker’s field guide to spotting website vulnerabilities. Designed to help white hat hackers make the internet a safer place, the book catalogs common bugs alongside the tricks and techniques for sniffing them out, explaining the sport in plain language suitable for anyone from the experienced coder to the total newb. This information will help programmers stress-test their own work, quality assurance technicians improve the work of others, hobbyist hackers learn the craft, and bounty hunters land rewards and bragging rights for identifying vulnerabilities in the wild.


In a world where online security has increasingly high stakes, there are exponentially expanding opportunities to break it. Ethical hackers are quiet heroes who stand between the inevitable weak spots of your favorite applications and the ceaseless efforts of the unscrupulous to crack them for ill-gotten gain. Lesson by lesson, this book will beef up the arsenal of the would-be defenders with easily grasped, practical knowledge.


  • How the internet works and basic web hacking concepts
  • Tricks attackers use to compromise websites
  • How to identify vulnerabilities in a site’s HTML, CSS, and JavaScript
  • Where to start when hunting a site’s bugs
  • How to find bug bounty programs and submit effective vulnerability reports 


Illustrated throughout with fascinating (and sometimes gut-wrenching) tales from the trenches — including successful high-profile bounties and highlights from the author’s own journey to becoming a hacker — Real-World Bug Hunting serves as both manual and inspiration for the budding ethical hacker.







About the Author

Peter Yaworski is a successful bug bounty hunter with thanks from Salesforce, Twitter, Airbnb, and the United States Department of Defense, among others. He currently works at Shopify as an Application Security Engineer, helping to make commerce more secure.


About No Starch Press

San Francisco–based No Starch Press has published the finest in geek entertainment since 1994—bestsellers like Python Crash Course, Python for Kids, The Linux Command Line, How Linux Works, and Hacking: The Art of Exploitation. Our titles have personality and attitude, our authors are passionate about their subjects, and our editorial team puts every book through a rigorous process of developmental editing, tech review, design, and production.