Welcome! This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments, and more specifically towards bug hunting in bug bounties.
These methodology pieces are presented as an abbreviated testing methodology for use in bug bounties. It is based off of the research gathered for the Defcon 23 talk "How to shot Web: better hacking in 2015".
The current sections are divided as follows:
- Philosophy
- Discovery
- Mapping
- Authorization and Sessions
- Tactical fuzzing
- Privilege, Transport and Logic
- Web services
- Mobile vulnerabilities
- Auxiliary Information
The goal of the project is to incorporate more up to date resources for bug hunters and web hackers to use during thier day-to-day work.
@jhaddix
