官网链接：No Starch Press
A comprehensive guide for any web application hacker, Bug Bounty Bootcamp is a detailed exploration of the many vulnerabilities present in modern websites and the hands-on techniques you can use to most successfully exploit them.
Bug Bounty Bootcamp prepares you for participation in bug bounty programs, which companies set up to reward hackers for finding and reporting vulnerabilities in their applications. The Bootcamp begins with guidance on writing high-quality bug reports and building lasting relationships with client organizations. You’ll then set up a hacking lab and dive into the mechanisms of common web vulnerabilities, like XSS and SQL injection, aided by thorough explanations of what causes them, how you can exploit them, where to find them, and how to bypass protections. You’ll also explore recon strategies for gathering intel on a target and automate recon with bash scripting. Finally, you’ll wade into advanced techniques, like hacking mobile apps, testing APIs, and reviewing source code for vulnerabilities.
Along the way, you’ll learn how to:
- Identify and successfully exploit a wide array of common web vulnerabilities
- Set up a hacking environment, configure Burp Suite, and use its modules to intercept traffic and hunt for bugs
- Chain together multiple bugs for maximum impact and higher payouts
- Bypass protection mechanisms like input sanitization and blocklists to make your attacks succeed
- Automate tedious bug-hunting tasks with fuzzing and bash scripting
- Set up an Android app testing environment
Thousands of data breaches happen every year. By understanding vulnerabilities and how they happen, you can help prevent malicious attacks, protect apps and users, and make the internet a safer place. Happy bug hunting!
Vickie Li is a developer and security researcher experienced in finding and exploiting vulnerabilities in web applications. She has reported vulnerabilities to firms such as Facebook, Yelp and Starbucks and contributes to a number of online training programs and technical blogs.