The Guide to Finding and Reporting Web Vulnerabilities
About the Author
About the Tech Reviewer
Foreword
Introduction
Who This Book Is For
What Is In This Book
Happy Hacking!
1 Picking a Bug Bounty Program
- The State of the Industry
- Asset Types
- Bug Bounty Platforms
- Scope, Payouts, and Response Times
- Private Programs
- Choosing the Right Program
- A Quick Comparison of Popular Programs
2 Sustaining Your Success
- Writing a Good Report
- Building a Relationship with the Development Team
- Understanding Why You’re Failing
- What to Do When You’re Stuck
- Lastly, a Few Words of Experience
3 How the Internet Works
- The Client-Server Model
- The Domain Name System
- Internet Ports
- HTTP Requests and Responses
- Internet Security Controls
- Learn to Program
4 Environmental Setup and Traffic Interception
- Choosing an Operating System
- Setting Up the Essentials: A Browser and a Proxy
- Using Burp
- A Final Note on . . . Taking Notes
5 Web Hacking Reconnaissance
- Manually Walking Through the Target
- Google Dorking
- Scope Discovery
- Other Sneaky OSINT Techniques
- Tech Stack Fingerprinting
- Writing Your Own Recon Scripts
- A Note on Recon APIs
- Start Hacking!
- Tools Mentioned in This Chapter
6 Cross-Site Scripting
- Mechanisms
- Types of XSS
- Prevention
- Hunting for XSS
- Bypassing XSS Protection
- Escalating the Attack
- Automating XSS Hunting
- Finding Your First XSS!
7 Open Redirects
- Mechanisms
- Prevention
- Hunting for Open Redirects
- Bypassing Open-Redirect Protection
- Escalating the Attack
- Finding Your First Open Redirect!
8 Clickjacking
- Mechanisms
- Prevention
- Hunting for Clickjacking
- Bypassing Protections
- Escalating the Attack
- A Note on Delivering the Clickjacking Payload
- Finding Your First Clickjacking Vulnerability!
9 Cross-Site Request Forgery
- Mechanisms
- Prevention
- Hunting for CSRFs
- Bypassing CSRF Protection
- Escalating the Attack
- Delivering the CSRF Payload
- Finding Your First CSRF!
10 Insecure Direct Object References
- Mechanisms
- Prevention
- Hunting for IDORs
- Bypassing IDOR Protection
- Escalating the Attack
- Automating the Attack
- Finding Your First IDOR!
11 SQL Injection
- Mechanisms
- Prevention
- Hunting for SQL Injections
- Escalating the Attack
- Automating SQL Injections
- Finding Your First SQL Injection!
12 Race Conditions
- Mechanisms
- When a Race Condition Becomes a Vulnerability
- Prevention
- Hunting for Race Conditions
- Escalating Race Conditions
- Finding Your First Race Condition!
13 Server-Side Request Forgery
- Mechanisms
- Prevention
- Hunting for SSRFs
- Bypassing SSRF Protection
- Escalating the Attack
- Finding Your First SSRF!
14 Insecure Deserialization
- Mechanisms
- Prevention
- Hunting for Insecure Deserialization
- Escalating the Attack
- Finding Your First Insecure Deserialization!
15 XML External Entity
- Mechanisms
- Prevention
- Hunting for XXEs
- Escalating the Attack
- More About Data Exfiltration Using XXEs
- Finding Your First XXE!
16 Template Injection
- Mechanisms
- Prevention
- Hunting for Template Injection
- Escalating the Attack
- Automating Template Injection
- Finding Your First Template Injection!
17 Application Logic Errors and Broken Access Control
- Application Logic Errors
- Broken Access Control
- Prevention
- Hunting for Application Logic Errors and Broken Access Control
- Escalating the Attack
- Finding Your First Application Logic Error or Broken Access Control!
18 Remote Code Execution
- Mechanisms
- Prevention
- Hunting for RCEs
- Escalating the Attack
- Bypassing RCE Protection
- Finding Your First RCE!
19 Same-Origin Policy Vulnerabilities
- Mechanisms
- Hunting for SOP Bypasses
- Escalating the Attack
- Finding Your First SOP Bypass Vulnerability!
20 Single-Sign-On Security Issues
- Mechanisms
- Note
- Hunting for Subdomain Takeovers
- Monitoring for Subdomain Takeovers
- Hunting for SAML Vulnerabilities
- Hunting for OAuth Token Theft
- Escalating the Attack
- Finding Your First SSO Bypass!
21 Information Disclosure
- Mechanisms
- Prevention
- Hunting for Information Disclosure
- Escalating the Attack
- Finding Your First Information Disclosure!
22 Conducting Code Reviews
- Note
- White-Box vs. Black-Box Testing
- The Fast Approach: grep Is Your Best Friend
- The Detailed Approach
- Exercise: Spot the Vulnerabilities
23 Hacking Android Apps
- Note
- Setting Up Your Mobile Proxy
- Bypassing Certificate Pinning
- Anatomy of an APK
- Tools to Use
- Hunting for Vulnerabilities
24 API Hacking
- What Are APIs?
- Hunting for API Vulnerabilities
25 Automatic Vulnerability Discovery Using Fuzzers
- What Is Fuzzing?
- How a Web Fuzzer Works
- The Fuzzing Process
- Fuzzing with Wfuzz
- Fuzzing vs. Static Analysis
- Pitfalls of Fuzzing
- Adding to Your Automated Testing Toolkit

文江博客开发文档 Bug Bounty Bootcamp 中文版文章详情

文章来源于网络收集而来，版权归原创者所有，如有侵权请及时联系！

Finding Your First Application Logic Error or Broken Access Control!

发布于 2024-10-11 20:34:03 字数 1011 浏览 0 评论 0 收藏 0

Find your very first application logic error or broken access control vulnerability by using the tips you learned in this chapter:

使用本章学到的技巧查找您的首个应用程序逻辑错误或破坏访问控制漏洞。

Learn about your target application. The more you understand about the architecture and development process of the web application, the better you’ll be at spotting these vulnerabilities.
Intercept requests while browsing the site and pay attention to sensitive functionalities. Keep track of every request sent during these actions.
Use your creativity to think of ways to bypass access control or otherwise interfere with application logic.
Think of ways to combine the vulnerability you’ve found with other vulnerabilities to maximize the potential impact of the flaw.
Draft your report! Be sure to communicate to the receiver of the report how the issue could be exploited by malicious users.

收藏 0

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

列表为空，暂无数据

我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的隐私政策了解更多相关信息。单击 接受 或继续使用网站，即表示您同意使用 Cookies 和您的相关数据。

原文