Explore Products

Best Sellers

New Releases

Books

Videos

Audiobooks

Learning Hub

Free Learning

You're reading from Bug Bounty Hunting Essentials Quick-paced guide to help white-hat hackers get through bug bounty programs

Product type Paperback

Published in Nov 2018

Publisher

ISBN-13 9781788626897

Length 270 pages

Edition 1st Edition

Tools

Android

Concepts

Bug Bounty

Authors (2):

Shahmeer Amir

Carlos A. Lozano

View More author details

Table of Contents (15) Chapters

Preface

1. Basics of Bug Bounty Hunting FREE CHAPTER

2. How to Write a Bug Bounty Report

3. SQL Injection Vulnerabilities

4. Cross-Site Request Forgery

5. Application Logic Vulnerabilities

6. Cross-Site Scripting Attacks

7. SQL Injection

8. Open Redirect Vulnerabilities

9. Sub-Domain Takeovers

10. XML External Entity Vulnerability

11. Template Injection

12. Top Bug Bounty Hunting Tools

13. Top Learning Resources

14. Other Books You May Enjoy

Leave a review - let other readers know what you think

Responding to the queries of the team

At this point, you have submitted the report and the team has seen it. Now, there are two scenarios. If your report is clear and thorough, the team would readily accept it given that the vulnerability exists. However, even if the report is clear the team may still have some questions, which is natural and does not need to diminish your confidence. Here are a few tips on how to respond to the team if they have queries:

Always be respectful
Never ask them about the resolution or fix timeline
Include more technical details with every comment
Be thorough in your provision of technical details
Have patience, as the team does have other reports
Always ask about the bounty after the resolution
Accept politely if the team rejects your report
If you still think the issue is valid, you can interject

The rest of the chapter is locked

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $19.99/month. Cancel anytime

Authors (2)

Shahmeer Amir

Shahmeer Amir is ranked as the third most accomplished bug hunter worldwide and has helped more than 400 organizations, including Facebook, Microsoft, Yahoo, and Twitter, resolve critical security issues in their systems. Following his vision of a safer internet, Shahmeer Amir is the founder and CEO of a cyber security start-up in Pakistan, Veiliux, aiming to secure all kinds of organizations. Shahmeer also holds relevant certifications in the field of cyber security from renowned organizations such as EC-Council, Mile2, and ELearn Security. By profession, Shahmeer is an electrical engineer working on different IoT products to make the lives of people easier.

See other products by Shahmeer Amir

Carlos A. Lozano

Carlos A. Lozano is a security consultant with more than 15 years' experience in various security fields. He has worked as a penetration tester, but most of his experience is with security application assessments. He has assessed financial applications, ISC/SCADA systems, and even low-level applications, such as drivers and embedded components. Two years ago, he started on public and private bug bounty programs and focused on web applications, source code review, and reversing projects. Also, Carlos works as Chief Operations Officer at Global CyberSec, an information security firm based in Mexico, with operations in the USA and Chile.

See other products by Carlos A. Lozano