- Bug Bounty Hunting Essentials
- Carlos A. Lozano Shahmeer Amir
- 89 words
- 2021-06-10 18:35:34
Key learnings from this report
- Observe the web application closely even when it is built on a third-party CMS. In this case the CMS was WordPress, and the main vulnerability lay in the Formidable plugin rather than in the CMS itself, so the plugins a site loads deserve the same scrutiny as the core application.
- The original report was detailed and descriptive, which let the team verify the vulnerability quickly; we should write our own reports the same way.
- The vulnerability was originally a stored HTML injection flaw that was then chained into an SQL injection; look for similar chaining opportunities when replicating other vulnerabilities, since a low-impact injection can become the entry point for a more serious one.
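The first lesson above, observing a site's CMS and its plugins rather than stopping at "it's WordPress", is something you can turn into a repeatable check. The following Python is an added example and is not code from the book or from the original report: it extracts the WordPress version from the generator meta tag, collects plugin slugs from `/wp-content/plugins/<slug>/` asset references, builds the usual `readme.txt` URL for each plugin, parses the `Stable tag:` line of that file, and compares the installed version against the version in which a known issue was fixed. The HTML page, the readme text, the `acme-gallery` slug and every version number below are constructed placeholders (the `1.2.3` / `1.3.0` pair is not the real Formidable plugin's history), and the `triage()` helper takes the readme contents as a dictionary so the example runs offline; in practice you would fetch each `readme_url()`.

```python
import re
from urllib.parse import urljoin

# Constructed sample HTML (not from the original report): a WordPress page that
# reveals the core version and two plugins through the assets it loads.
SAMPLE_HTML = """<!doctype html>
<html><head>
<meta name="generator" content="WordPress 4.9.1" />
<link rel="stylesheet" href="https://example.com/wp-content/plugins/formidable/css/frm.css?ver=1" />
<script src="https://example.com/wp-content/plugins/Acme-Gallery/js/gallery.js?ver=1"></script>
<script src="https://example.com/wp-content/plugins/formidable/js/frm.min.js?ver=1"></script>
</head><body><p>hello</p></body></html>"""

# Constructed sample readme.txt in the standard WordPress plugin-directory layout.
# The version is a placeholder, not the real plugin's version.
SAMPLE_README = """=== Formidable Forms ===
Contributors: example
Requires at least: 4.4
Tested up to: 4.9
Stable tag: 1.2.3
License: GPLv2 or later
"""

GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I)
PLUGIN_REF_RE = re.compile(r"/wp-content/plugins/([A-Za-z0-9_-]+)/")
STABLE_TAG_RE = re.compile(r"^\s*Stable tag:\s*(\S+)", re.I | re.M)


def wordpress_version(html):
    """Return the core version advertised by the generator meta tag, or None."""
    m = GENERATOR_RE.search(html)
    return m.group(1) if m else None


def plugins_from_html(html):
    """Collect plugin slugs from /wp-content/plugins/<slug>/ asset references."""
    return sorted({m.group(1).lower() for m in PLUGIN_REF_RE.finditer(html)})


def readme_url(base_url, slug):
    """Where a plugin's readme.txt normally lives; fetching it reveals the installed version."""
    return urljoin(base_url, f"/wp-content/plugins/{slug}/readme.txt")


def version_from_readme(readme_text):
    """Parse the 'Stable tag:' line of a plugin readme.txt, or return None."""
    m = STABLE_TAG_RE.search(readme_text)
    return m.group(1) if m else None


def parse_version(v):
    """Turn '2.05.02' into (2, 5, 2); non-numeric parts such as 'trunk' become -1 so they sort lowest."""
    return tuple(int(p) if p.isdigit() else -1 for p in v.split("."))


def is_older_than(installed, fixed_in):
    """True if the installed version predates the version that fixed a known issue.
    Shorter tuples are padded with zeros so '1.3' equals '1.3.0'."""
    a, b = parse_version(installed), parse_version(fixed_in)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def triage(html, readmes, fixed_versions):
    """Hypothetical triage: list (slug, installed, fixed_in) for each plugin found in the
    page whose installed version is older than the fix. `readmes` maps slug -> readme text
    (fetched from readme_url() in practice); `fixed_versions` maps slug -> fixed version."""
    findings = []
    for slug in plugins_from_html(html):
        text = readmes.get(slug)
        fixed = fixed_versions.get(slug)
        if text is None or fixed is None:
            continue  # nothing to compare against for this plugin
        installed = version_from_readme(text)
        if installed and is_older_than(installed, fixed):
            findings.append((slug, installed, fixed))
    return findings


if __name__ == "__main__":
    print("WordPress:", wordpress_version(SAMPLE_HTML))
    for slug in plugins_from_html(SAMPLE_HTML):
        print("plugin:", slug, "->", readme_url("https://example.com/", slug))
    # Placeholder fix version for the demo; not a statement about the real plugin.
    print("triage:", triage(SAMPLE_HTML, {"formidable": SAMPLE_README}, {"formidable": "1.3.0"}))
```

Two caveats a practitioner would add: the generator tag and plugin assets are often stripped or renamed by hardening plugins, so an empty result means "not observed", not "not installed"; and `Stable tag` reflects the packaged release, so a site running a patched or forked copy can report a version that does not match its actual code.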