- Bug Bounty Hunting Essentials
- Carlos A. Lozano Shahmeer Amir
- 119 words
- 2021-06-10 18:35:35
Summary
SQL injection has been at the top of the OWASP vulnerability listings for many years because, if identified and exploited to the full extent, it produces catastrophic outcomes. In this chapter, we reviewed SQL injection as a vulnerability in detail, looking at its types and sample attack scenarios. We then looked at some critical SQL injection reports submitted by many bug bounty hunters: first an SQL injection in Uber, then one in Grab Taxi, and others. The goal of this chapter was to give the reader an overview of what SQL injection really is and how it can be used in the bug bounty hunting methodology.