Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities (Paperback)

Li, Vickie

  • Publisher: No Starch Press
  • Publication date: 2021-12-07
  • List price: $1,800
  • Sale price: 9.5$1,710
  • Language: English
  • Pages: 416
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1718501544
  • ISBN-13: 9781718501546
  • Ships immediately (stock=1)



Bug Bounty Bootcamp teaches you how to hack web applications. You will learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them. You'll also learn how to navigate bug bounty programs set up by companies to reward security professionals for finding bugs in their web applications.

Bug bounty programs are company-sponsored programs that invite researchers to search for vulnerabilities on their applications and reward them for their findings. This book is designed to help beginners with little to no security experience learn web hacking, find bugs, and stay competitive in this booming and lucrative industry.

You'll start by learning how to choose a program, write quality bug reports, and maintain professional relationships in the industry. Then you'll learn how to set up a web hacking lab and use a proxy to capture traffic. In Part 3 of the book, you'll explore the mechanisms of common web vulnerabilities, like XSS, SQL injection, and template injection, and receive detailed advice on how to find them and bypass common protections. You'll also learn how to chain multiple bugs to maximize the impact of your vulnerabilities.

Finally, the book touches on advanced techniques that are rarely covered in introductory hacking books but are crucial to understand when hacking web applications. You'll learn how to hack mobile apps, review an application's source code for security issues, find vulnerabilities in APIs, and automate your hacking process. By the end of the book, you'll have learned the tools and techniques necessary to be a competent web hacker and find bugs on a bug bounty program.





Vickie Li is a developer and security researcher experienced in finding and exploiting vulnerabilities in web applications. She has reported vulnerabilities to firms such as Facebook, Yelp and Starbucks and contributes to a number of online training programs and technical blogs.


