- The Guide to Finding and Reporting Web Vulnerabilities
- About the Author
- About the Tech Reviewer
- Foreword
- Introduction
- Who This Book Is For
- What Is In This Book
- Happy Hacking!
- 1 Picking a Bug Bounty Program
- 2 Sustaining Your Success
- 3 How the Internet Works
- 4 Environmental Setup and Traffic Interception
- 5 Web Hacking Reconnaissance
- 6 Cross-Site Scripting
- 7 Open Redirects
- 8 Clickjacking
- 9 Cross-Site Request Forgery
- 10 Insecure Direct Object References
- 11 SQL Injection
- 12 Race Conditions
- 13 Server-Side Request Forgery
- 14 Insecure Deserialization
- 15 XML External Entity
- 16 Template Injection
- 17 Application Logic Errors and Broken Access Control
- 18 Remote Code Execution
- 19 Same-Origin Policy Vulnerabilities
- 20 Single-Sign-On Security Issues
- 21 Information Disclosure
- 22 Conducting Code Reviews
- 23 Hacking Android Apps
- 24 API Hacking
- 25 Automatic Vulnerability Discovery Using Fuzzers
Introduction
I still remember the first time I found a high-impact vulnerability. I had already located a few low-impact bugs in the application I was testing, including a CSRF, an IDOR, and a few information leaks. Eventually, I managed to chain these into a full takeover of any account on the website: I could have logged in as anyone, read anyone’s data, and altered it however I wanted. For an instant, I felt like I had superpowers.
I reported the issue to the company, which promptly fixed the vulnerability. Hackers are probably the closest thing to superheroes I’ve encountered in the real world. They overcome limitations with their skills to make software programs do much more than they were designed for, which is what I love about hacking web applications: it’s all about thinking creatively, challenging yourself, and doing more than what seems possible.
Also like superheroes, ethical hackers help keep society safe. Thousands of data breaches happen every year in the United States alone. By understanding vulnerabilities and how they happen, you can use your knowledge for good to help prevent malicious attacks, protect applications and users, and make the internet a safer place.
Not too long ago, hacking and experimenting with web applications were illegal. But now, thanks to bug bounty programs, you can hack legally; companies set up bug bounty programs to reward security researchers for finding vulnerabilities in their applications. Bug Bounty Bootcamp teaches you how to hack web applications and how to do it legally by participating in these programs. You’ll learn how to navigate bug bounty programs, perform reconnaissance on a target, and identify and exploit vulnerabilities.