Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Hands-On Bug Hunting for Penetration Testers
  • Table Of Contents Toc
  • Feedback & Rating feedback
Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

By : Himanshu Sharma, Joe Marshall
4 (2)
close
close
Hands-On Bug Hunting for Penetration Testers

Hands-On Bug Hunting for Penetration Testers

4 (2)
By: Himanshu Sharma, Joe Marshall

Overview of this book

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively—and profitably—participating in bug bounty programs. You will learn about SQli, NoSQLi, XSS, XXE, and other forms of code injection. You’ll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it’s found), and how to create the tools for automated pentesting work?ows. Then, you’ll format all of this information within the context of a bug report that will have the greatest chance of earning you cash. With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need to not only find the bugs you're looking for, but also the best bug bounty programs to participate in, and how to grow your skills moving forward in freelance security research.
Table of Contents (16 chapters)
close
close

Chapter 6

  1. CSRF stands for Cross Site Request Forgery and is when an attacker takes advantage of a logged-in user's authenticated state to execute malicious application requests and change the user's app in harmful ways.
  2. An attacker with access to a CSRF vulnerability can trick a user into changing application state against their will, or in a way they don't intend to (for example, routing money to a different bank account).
  3. A CSRF PoC is just the bare-bones markup necessary to recreate the form's HTTP request.
  4. If you can open a CSRF PoC in your browser and submit it successfully, that validates the vulnerability.
  5. Using BeautifulSoup to generate HTML lets you allow tedious string manipulation (for example, splitting and inserting nested tags).
  6. We used a CSRF POST-based attack in our E2E example.
  7. A malicious actor would use more hidden fields, and allow his...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Edit Note

Modal Close icon
Write a note (max 255 characters)
Cancel
Update Note

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY