Nytro

The Bug Hunters Methodology


[h=1]The Bug Hunters Methodology[/h]

Welcome! This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments, and more specifically towards bug hunting in bug bounties.

These methodology pieces are presented as an abbreviated testing methodology for use in bug bounties. It is based off of the research gathered for the Defcon 23 talk "How to shot Web: better hacking in 2015".

The current sections are divided as follows:

  • philosophy
  • discovery
  • mapping
  • tactical fuzzing
  • XSS
  • SQLi
  • LFI
  • CSRF
  • web services
  • mobile vulnerabilities

The goal of the project is to incorporate more up-to-date resources for bug hunters and web hackers to use during their day-to-day work.

@jhaddix

[h=2]Defcon Video[/h]

Link: https://drive.google.com/file/d/0B15XPa08CyxhQ1J2T2tOUUJuSFk/view

Source: https://github.com/jhaddix/tbhm
