Skip to content

Summary: Beginning Bug Bounty – Part 1

Views: 7

The summary is written based on the following resources:


Daily Rituals

(a) Hack with intention to learn

  • Realize that you will gain knowledge and the know-how when you are trying to hack something.
  • Investigate a product / app to see how it works. The knowledge can be used for future hacking.
  • Journal down what you are learning everyday.
  • Do not worry about duplicates. It means that you found a genuine issue.
  • There are always bugs out there since companies are frequently pushing their code.

(b) Invest time in reading hands-on guide

  • Take note of how you can apply what you read to improve your methodology.
  • Read a lot of documentation about APIs, Products, Business Logic, Security Technologies, New Languages, CTFs, etc.

(c) Find / Build your niches:

  • Focus on areas where very few people are looking.
  • Think about where you can find bugs in an unexpected places.
  • Try testing the applications which are not in conventional platform.
  • You cannot be looking for low-hanging fruits all the time.

Bug Bounty Checklist

  • Test for Injections vulnerabilities in Web and Mobile apps (SQLi, Command Injection, ORM injection, etc.). Understand if there are any validation or filter done.
  • Test to see if sensitive data are encrypted while it is transit, at rest.
  • Testing XML External Entity (XXE). Check if you can upload files (DOCs, PPT, etc.) / xml types. Know the impact:
    • Retrieve file from server
    • Server Side Request Forgery (SSRF)
    • Denial of Service (DoS)
  • Testing for Broken access Control. Check if a user can have privileges of other roles to exploit. Access control is only effective if it is enforced on server-side code or serverless APIs.
    • Look at the where the access roles are indicated. JWT? Cookie? URL?
    • Can you access admin pages without authentication?
  • Learn how to test for XSS – in depth. Know the potential XSS loopholes in modern framework such as ReactJS, etc.
    • Reflected: Unvalidated Input becomes part of HTML output.
    • Stored: Unsanitized input are stored to be viewed later.
    • DOM: JS / Single Page App (SPA) / API that dynamically uses user data to create DOM.
Published inBug Bounty

Be First to Comment

Leave a Reply

Your email address will not be published. Required fields are marked *