Hands-On Bug Hunting for Penetration Testers: A practical guide to help ethical hackers discover web application security flaws

Joseph Marshall



Detailed walkthroughs of how to discover, test, and document common web application vulnerabilities.

Key Features

  • Learn how to test for common bugs
  • Discover tools and methods for hacking ethically
  • Practice working through pentesting engagements step-by-step

Book Description

Bug bounties have quickly become a critical part of the security economy. This book shows you how technical professionals with an interest in security can begin productively―and profitably―participating in bug bounty programs.

You will learn about SQLi, NoSQLi, XSS, XXE, and other forms of injection. You'll see how to create CSRF PoC HTML snippets, how to discover hidden content (and what to do with it once it's found), and how to build the tools for automated pentesting workflows.

Then, you'll format all of this information within the context of a bug report that will have the greatest chance of earning you cash.

With detailed walkthroughs that cover discovering, testing, and reporting vulnerabilities, this book is ideal for aspiring security professionals. You should come away from this work with the skills you need not only to find the bugs you're looking for, but also to choose the best bug bounty programs to participate in and to keep growing your skills as a freelance security researcher.

What you will learn

  • Choose what bug bounty programs to engage in
  • Understand how to minimize your legal liability and hunt for bugs ethically
  • See how to take notes that will make compiling your submission report easier
  • Know how to take an XSS vulnerability from discovery to verification, and report submission
  • Automate CSRF PoC generation with Python
  • Leverage Burp Suite for CSRF detection
  • Use WPScan and other tools to find vulnerabilities in WordPress, Django, and Ruby on Rails applications
  • Write your report in a way that will earn you the maximum amount of money

Who this book is for

This book is written for developers, hobbyists, pentesters, and anyone with an interest (and a little experience) in web application security.

Table of Contents

  1. Joining the Hunt
  2. Choosing Your Hunting Ground
  3. Preparing for an Engagement
  4. Unsanitized Data: An XSS Case Study
  5. SQL, Code Injection, and Scanners
  6. CSRF and Insecure Session Authentication
  7. Detecting XML External Entities
  8. Access Control and Security Through Obscurity
  9. Framework and Application-Specific Vulnerabilities
  10. Formatting Your Report
  11. Other Tools
  12. Other (Out of Scope) Vulnerabilities
  13. Going Further
  14. Assessment
