Quality Assurance

Bug bounty

  • Penetration testing & Bug bounty

  • Tools

  • HTML Injection

  • Broken authentication

  • XSS

  • SQL Injection
     

Agenda

Penetration testing

 Penetration testing - an action that we apply to enumerate and discover new vulnerabilities, as well as explode them and take control of our target system

Process

1. Gather information

2. Scanning
3. Explode the target using different methods and attacks
4. Maintaining access on the target

Tools

  1. Kali linux
  2. Whatweb
  3. Nmap
  4. Hybra

Whatweb

Nmap

HTML Injection

Broken authentication

XSS

XSS is based on injecting JS code in the web page

XSS is not a vulnerability that targets server, it targets clients that use that server

There are two main types of XSS - Reflected XSS and Stored XSS

SQL Injection

Examples

Sometimes our input is not getting stored between single quotes. So we can bypass single quote problem that gets filtered