The Bug Hunters Methodology (UNDERGOING CLEANUP)

Welcome! This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments, and more specifically towards bug hunting in bug bounties.

These methodology pieces are presented as an abbreviated testing methodology for use in bug bounties. It is based off of the research gathered for the Defcon 23 talk "How to shot Web: better hacking in 2015".

The current sections are divided as follows:

Philosophy
Discovery
Mapping
Authorization and Sessions
Tactical fuzzing
- XSS
- SQLi
- File Inclusion
- CSRF
Privilege, Transport and Logic
Web services
Mobile vulnerabilities
Auxiliary Information

The goal of the project is to incorporate more up to date resources for bug hunters and web hackers to use during their day-to-day work.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
01_Philosophy.md		01_Philosophy.md
02_Discovery.md		02_Discovery.md
03_Mapping.md		03_Mapping.md
04_Authorization_and_Session.md		04_Authorization_and_Session.md
05_XSS.md		05_XSS.md
06_SQLi.md		06_SQLi.md
07_File_Upload.md		07_File_Upload.md
08_CSRF.md		08_CSRF.md
09_Privledge_Logic_Transport.md		09_Privledge_Logic_Transport.md
10_Mobile.md		10_Mobile.md
11_Auxiliary_Info.md		11_Auxiliary_Info.md
12_IDOR.markdown		12_IDOR.markdown
How Do I shot Web-.pdf		How Do I shot Web-.pdf
README.md		README.md
_config.yml		_config.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

The Bug Hunters Methodology (UNDERGOING CLEANUP)

Defcon Video

About

Releases

Packages

oneplus-x/The-Bug-Hunters-Methodology

Folders and files

Latest commit

History

Repository files navigation

The Bug Hunters Methodology (UNDERGOING CLEANUP)

Defcon Video

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Packages