Bug bounty
Penetration testing & Bug bounty
Tools
HTML Injection
Broken authentication
XSS
SQL Injection
Agenda
Penetration testing
Penetration testing - an action that we apply to enumerate and discover new vulnerabilities, as well as explode them and take control of our target system
Process
1. Gather information
2. Scanning
3. Explode the target using different methods and attacks
4. Maintaining access on the target
Tools
Whatweb
Nmap
HTML Injection
Broken authentication
XSS
XSS is based on injecting JS code in the web page
XSS is not a vulnerability that targets server, it targets clients that use that server
There are two main types of XSS - Reflected XSS and Stored XSS
SQL Injection
Examples
Sometimes our input is not getting stored between single quotes. So we can bypass single quote problem that gets filtered