Subscription

Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Conferences

Free Learning

You're reading from Bug Bounty Hunting Essentials Quick-paced guide to help white-hat hackers get through bug bounty programs

Product type Paperback

Published in Nov 2018

Publisher

ISBN-13 9781788626897

Length 270 pages

Edition 1st Edition

Tools

Android

Concepts

Bug Bounty

Authors (2):

Shahmeer Amir

Carlos A. Lozano

View More author details

Table of Contents (15) Chapters

Preface

1. Basics of Bug Bounty Hunting

2. How to Write a Bug Bounty Report FREE CHAPTER

3. SQL Injection Vulnerabilities

4. Cross-Site Request Forgery

5. Application Logic Vulnerabilities

6. Cross-Site Scripting Attacks

7. SQL Injection

8. Open Redirect Vulnerabilities

9. Sub-Domain Takeovers

10. XML External Entity Vulnerability

11. Template Injection

12. Top Bug Bounty Hunting Tools

13. Top Learning Resources

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

Cross-Site Request Forgery

Have you ever seen articles about how hackers stole data from Facebook using external applications?

How can these applications steal data from users? Well, when you access an application, such as a social network, you just enter your credentials once; after that, the applications create identifications, such as sessions, to track the users. These sessions and other data need to be stored somewhere, and usually, the best place to store them is in cookies.

Cookies are files in your computer that are stored temporarily so that they can be accessed by applications. This means that you do not need to enter your username and password each time you access Facebook, you just need to do it once, and then when you access Facebook, Facebook will ask to your browser for a cookie; if the browser has it, Facebook reads the session stored in the cookie, and automatically...

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Shahmeer Amir

Shahmeer Amir is ranked as the third most accomplished bug hunter worldwide and has helped more than 400 organizations, including Facebook, Microsoft, Yahoo, and Twitter, resolve critical security issues in their systems. Following his vision of a safer internet, Shahmeer Amir is the founder and CEO of a cyber security start-up in Pakistan, Veiliux, aiming to secure all kinds of organizations. Shahmeer also holds relevant certifications in the field of cyber security from renowned organizations such as EC-Council, Mile2, and ELearn Security. By profession, Shahmeer is an electrical engineer working on different IoT products to make the lives of people easier.

See other products by Shahmeer Amir

Carlos A. Lozano

Carlos A. Lozano is a security consultant with more than 15 years' experience in various security fields. He has worked as a penetration tester, but most of his experience is with security application assessments. He has assessed financial applications, ISC/SCADA systems, and even low-level applications, such as drivers and embedded components. Two years ago, he started on public and private bug bounty programs and focused on web applications, source code review, and reversing projects. Also, Carlos works as Chief Operations Officer at Global CyberSec, an information security firm based in Mexico, with operations in the USA and Chile.

See other products by Carlos A. Lozano