This summary is based on the following resources:
- https://www.youtube.com/watch?v=-6tv1kvBZDQ&t=10260s
- https://www.youtube.com/watch?v=EXLUHsxvXQ0
- https://www.youtube.com/watch?v=xIkPHS24zWs
- https://www.youtube.com/watch?v=3gWBg8A-uik
- https://www.youtube.com/watch?v=dRF0BGgDnto
- https://www.youtube.com/watch?v=wI1zfnI1Qqo
- https://www.youtube.com/watch?v=h55yTacK5HU
- https://www.youtube.com/watch?v=j4CrQY9K678&t=3269s
Daily Rituals
(a) Hack with intention to learn
- Realize that you gain knowledge and know-how whenever you try to hack something.
- Investigate a product or app to see how it works. That knowledge can be reused in future hacking.
- Write down what you learn every day.
- Do not worry about duplicates. It means that you found a genuine issue.
- There are always bugs out there since companies are frequently pushing their code.
(b) Invest time in reading hands-on guides
- Take note of how you can apply what you read to improve your methodology.
- Read a lot of documentation about APIs, Products, Business Logic, Security Technologies, New Languages, CTFs, etc.
(c) Find / Build your niches:
- Focus on areas where very few people are looking.
- Think about where you can find bugs in unexpected places.
- Try testing applications that are not on conventional platforms.
- You cannot be looking for low-hanging fruit all the time.
Bug Bounty Checklist
- Test for injection vulnerabilities in web and mobile apps (SQLi, command injection, ORM injection, etc.). Understand what validation or filtering is done.
- Test whether sensitive data is encrypted in transit and at rest.
- Test for XML External Entity (XXE) injection. Check whether you can upload files (DOC, PPT, etc.) or other XML-based content types. Know the impact:
  - Retrieve files from the server
  - Server-Side Request Forgery (SSRF)
  - Denial of Service (DoS)
- Test for broken access control. Check whether a user can obtain the privileges of other roles. Access control is only effective if it is enforced in server-side code or serverless APIs.
  - Look at where the access role is carried: a JWT? a cookie? the URL?
  - Can you access admin pages without authentication?
- Learn how to test for XSS in depth. Know the potential XSS loopholes in modern frameworks such as ReactJS.
  - Reflected: unvalidated input becomes part of the HTML output.
  - Stored: unsanitized input is stored and rendered later.
  - DOM-based: JavaScript in a single-page app (SPA) or API client builds DOM nodes from user data.
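Every XXE impact listed under the XXE checklist item (file retrieval, SSRF, entity-expansion DoS) depends on the parser accepting a DTD, so the defensive check worth having in an upload handler is a parser that refuses the DOCTYPE outright. The following is an added example, not code from the videos summarised above; it uses only Python's standard-library expat bindings, and the function names, the `UnsafeXMLError` class and the sample documents are constructed for illustration.

```python
import xml.parsers.expat


class UnsafeXMLError(ValueError):
    """Raised when an uploaded document carries a DTD or external entity reference."""


def parse_untrusted_xml(data: bytes) -> list[tuple[str, dict[str, str]]]:
    """Parse XML from an untrusted source while refusing DOCTYPE declarations.

    Every XXE technique on the checklist (file retrieval, SSRF through SYSTEM
    entities, entity-expansion DoS) needs a DTD, so rejecting the DOCTYPE at
    the parser level removes the whole class. Returns (tag, attributes) for
    each start element so callers can inspect what was accepted.
    """
    parser = xml.parsers.expat.ParserCreate()
    elements: list[tuple[str, dict[str, str]]] = []

    def on_doctype(name, sysid, pubid, has_internal_subset):
        # Called as soon as expat sees <!DOCTYPE ...>; abort before any entity
        # declared inside it can be processed.
        raise UnsafeXMLError(f"DOCTYPE declaration rejected (root {name!r})")

    def on_external_entity_ref(context, base, system_id, public_id):
        # Belt and braces: returning 0 makes expat treat any external entity
        # reference as a parse error instead of fetching it.
        return 0

    def on_start_element(tag, attrs):
        elements.append((tag, attrs))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity_ref
    parser.StartElementHandler = on_start_element
    parser.Parse(data, True)  # True: this is the final (and only) chunk
    return elements


def is_safe_xml(data: bytes) -> bool:
    """Upload-filter predicate: True only if the document parses without a DTD."""
    try:
        parse_untrusted_xml(data)
    except (UnsafeXMLError, xml.parsers.expat.ExpatError):
        return False
    return True


# Constructed sample uploads (not taken from any real application).
BENIGN_UPLOAD = b"<order><item sku='A1' qty='2'/></order>"
DTD_UPLOAD = b"<?xml version='1.0'?><!DOCTYPE order [<!ENTITY note 'x'>]><order>&note;</order>"

if __name__ == "__main__":
    print(parse_untrusted_xml(BENIGN_UPLOAD))  # element list for the benign order
    print(is_safe_xml(DTD_UPLOAD))  # False: the DOCTYPE is refused
```

Rejecting the DTD wholesale is deliberately coarser than trying to distinguish "harmless" internal entities from dangerous ones; for uploaded documents there is rarely a legitimate need for a DTD, and the coarse rule is the one that is easy to audit.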
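For the reflected XSS item on the checklist, the thing to look for in a code review is where user input is emitted into HTML and whether it is encoded for that specific context (element text versus attribute value). The snippet below is an added illustration written for this summary, not code from the videos; the renderer functions and the probe string are constructed, and it uses only the standard-library `html` module.

```python
import html


def render_results_unsafe(query: str) -> str:
    # Vulnerable (reflected XSS): the query is concatenated straight into HTML,
    # so any markup in it becomes part of the page.
    return f"<p>Results for: {query}</p>"


def render_results_safe(query: str) -> str:
    # Hardened: encode for the HTML text context at the point of output.
    # quote=False is enough here because a '"' inside element text is inert.
    return f"<p>Results for: {html.escape(query, quote=False)}</p>"


def render_search_box_safe(query: str) -> str:
    # Attribute context: quotes must be escaped too (quote=True), otherwise a
    # value containing '"' could terminate the attribute and add new ones.
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


def reflects_markup(rendered: str, probe: str) -> bool:
    """Review helper: True if the raw probe survived unencoded into the output."""
    return probe in rendered


# Constructed probe: a tag plus a quote, covering both text and attribute contexts.
PROBE = '<b>bold</b>"'

if __name__ == "__main__":
    for renderer in (render_results_unsafe, render_results_safe, render_search_box_safe):
        print(renderer.__name__, "reflects probe:", reflects_markup(renderer(PROBE), PROBE))
```

The same probe is useful when reading framework code: a modern framework such as ReactJS encodes element text by default, so the places that deserve attention are the escape hatches where raw HTML or attribute values are assembled by hand.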