Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Bug Bounty Hunting Essentials Quick-paced guide to help white-hat hackers get through bug bounty programs

Product type Paperback

Published in Nov 2018

Publisher

ISBN-13 9781788626897

Length 270 pages

Edition 1st Edition

Tools

Android

Concepts

Bug Bounty

Authors (2):

Shahmeer Amir

Carlos A. Lozano

View More author details

Table of Contents (15) Chapters

Preface

1. Basics of Bug Bounty Hunting

2. How to Write a Bug Bounty Report FREE CHAPTER

3. SQL Injection Vulnerabilities

4. Cross-Site Request Forgery

5. Application Logic Vulnerabilities

6. Cross-Site Scripting Attacks

7. SQL Injection

8. Open Redirect Vulnerabilities

9. Sub-Domain Takeovers

10. XML External Entity Vulnerability

11. Template Injection

12. Top Bug Bounty Hunting Tools

13. Top Learning Resources

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

Detecting and exploiting CSRF

To detect CSRF flaws in an application, it is important to navigate through the entire application, trying to map all the called methods to identify which are important due to the kind of processing it has. We can also do this to find out how they are called, which parameters are sent to the application, if there is any anti-CSRF protection, and if it is one of the vulnerable protections we saw before. Also, if you detect that the protection is currently implemented, try to find an error. Maybe the information you need to exploit the vulnerability is in another application's request.

You can use the Site map tab in Burp Suite, or in another proxy, to detect when a resource is called to other domains:

Also look in the request to check whether information is stored in the cookies. You can find tools in this chapter that can be used to...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at €18.99/month. Cancel anytime

Authors (2)

Shahmeer Amir

Shahmeer Amir is ranked as the third most accomplished bug hunter worldwide and has helped more than 400 organizations, including Facebook, Microsoft, Yahoo, and Twitter, resolve critical security issues in their systems. Following his vision of a safer internet, Shahmeer Amir is the founder and CEO of a cyber security start-up in Pakistan, Veiliux, aiming to secure all kinds of organizations. Shahmeer also holds relevant certifications in the field of cyber security from renowned organizations such as EC-Council, Mile2, and ELearn Security. By profession, Shahmeer is an electrical engineer working on different IoT products to make the lives of people easier.

See other products by Shahmeer Amir

Carlos A. Lozano

Carlos A. Lozano is a security consultant with more than 15 years' experience in various security fields. He has worked as a penetration tester, but most of his experience is with security application assessments. He has assessed financial applications, ISC/SCADA systems, and even low-level applications, such as drivers and embedded components. Two years ago, he started on public and private bug bounty programs and focused on web applications, source code review, and reversing projects. Also, Carlos works as Chief Operations Officer at Global CyberSec, an information security firm based in Mexico, with operations in the USA and Chile.

See other products by Carlos A. Lozano