The complete guide to bug bounty hunting

• Titel: The complete guide to bug bounty hunting
• Mitwirkende: Cosentino, Scott [Präsentator]
• Institutionen: Manning (Firm), [Verlag]
• Ausgabe: [First edition].
• Verlagsort: [Place of publication not identified]
• Verlag: Manning Publications
• E-Jahr: 2023
• Jahr: [2023]
• Umfang: 1 online resource (1 video file (6 hr., 56 min.))
• Illustrationen: sound, color.
• Fussnoten: Online resource; title from title details screen (O'Reilly, viewed May 23, 2023)
• Datenträger: Online-Ressource
• Sprache: eng
• Sach-SW: Instructional films
• Sach-SW: Nonfiction films
• Sach-SW: Internet videos
• K10plus-PPN: 1846840910
• K10plus-PPN:
  Universitätsbibliothek
• Lokale URL UB: Zum Volltext
• Lokale URL UB: Bibliothek der Medizinischen Fakultät Mannheim der Universität Heidelberg
• Bibliothek/Idn: UW / m4326730455
• Lokale URL Inst.: Zum Volltext

Abstract

Learn the essential tools and techniques for hunting and exploiting vulnerabilities in web and Android applications. Equip yourself with the knowledge and skills to find and responsibly disclose vulnerabilities to companies, gaining rewards through existing bug bounty programs. Master the best practices of ethical hacking to detect bugs and improve security. This comprehensive, seven-hour course covers three key areas: Fundamentals of OWASP Top 10 Vulnerabilities We start the course with a look at the most common vulnerabilities currently present in web applications. The OWASP Top Ten, from the Open Web Application Security Project, helps bug bounty hunters to know what to look for in penetration tests. We break down these vulnerabilities and demonstrate what to look for in order to detect them. Kali Linux and Web Application Hacking Web applications are currently some of the most common targets for bug bounties, so we'll see how to create meaningful attacks against them. We'll use Kali Linux tools, which are popular with both attackers and the defenders trying to secure web apps against those attacks. We'll work with Nmap, SQLmap, Commix, Wfuzz, Metasploit, and many other tools to gather information about targets and launch attacks to expose their vulnerabilities. Foundations of Hacking and Penetration Testing Android Apps Most companies now have apps that are included in bug bounty programs. Learning how to scan and exploit these apps can often be a lucrative way to gain bounties. Given the new focus on application development, apps make a great target for bug bounties.