Application logic vulnerabilities are the most valuable bugs for a bug bounty hunter. Although they are hard to find, they have the greatest impact on the application, and you are less likely to get a duplicate when reporting them. To summarize the information in this chapter, we enumerate the main points:
- Try to understand how the application works using a HTTP proxy. Focus on the variables and parameters that could be used to control the application's flow.
- Launch automated tools for port scanning, vulnerability assessments, and configuration management issues.
- Replicate previous vulnerabilities between applications.