====== Cybersecurity Wiki ======

Knowledge base for bug bounty hunting and web security research.

===== Bug Bounty Bootcamp (BBC) =====

All 25 chapters from Vickie Li's //Bug Bounty Bootcamp// (No Starch Press, 2021).

  * [[bbc:01_picking_program|Ch 01 - Picking a Program]] | [[bbc:02_sustaining_success|Ch 02 - Sustaining Success]] | [[bbc:03_how_internet_works|Ch 03 - How the Internet Works]] | [[bbc:04_env_setup|Ch 04 - Environment Setup]]
  * [[bbc:08_clickjacking|Ch 08 - Clickjacking]] | [[bbc:12_race_conditions|Ch 12 - Race Conditions]]
  * [[bbc:14_insecure_deserialization|Ch 14 - Deserialization]] | [[bbc:15_xxe|Ch 15 - XXE]] | [[bbc:16_template_injection|Ch 16 - SSTI]]
  * [[bbc:17_logic_errors|Ch 17 - Logic Errors]] | [[bbc:18_rce|Ch 18 - RCE]]
  * [[bbc:19_sop|Ch 19 - SOP/CORS]] | [[bbc:20_sso|Ch 20 - SSO]] | [[bbc:21_info_disclosure|Ch 21 - Info Disclosure]]
  * [[bbc:22_code_reviews|Ch 22 - Code Reviews]] | [[bbc:23_android_hacking|Ch 23 - Android]] | [[bbc:24_api_hacking|Ch 24 - API Hacking]] | [[bbc:25_fuzzing|Ch 25 - Fuzzing]]

===== The Bug Hunter's Methodology (TBHM) =====

  * [[tbhm:01_philosophy|01 - Philosophy & Mindset]]
  * [[tbhm:02_discovery|02 - Discovery & Recon]]
  * [[tbhm:03_mapping|03 - Mapping the Attack Surface]]
  * [[tbhm:04_authorization|04 - Authorization & Session Management]]
  * [[tbhm:05_xss|05 - Cross-Site Scripting (XSS)]]
  * [[tbhm:06_sqli|06 - SQL Injection]]
  * [[tbhm:07_file_upload|07 - File Upload Vulnerabilities]]
  * [[tbhm:08_csrf|08 - CSRF]]
  * [[tbhm:09_privilege|09 - Privilege Escalation, Logic & Transport]]
  * [[tbhm:10_mobile|10 - Mobile Testing]]
  * [[tbhm:11_auxiliary|11 - Auxiliary Info & Tools]]
  * [[tbhm:12_idor|12 - IDOR]]
  * [[tbhm:fast_checklist|Fast Testing Checklist]]

===== Quick Reference =====

  * [[tbhm:start|TBHM Index]]
  * [[tbhm:fast_checklist|Fast Checklist]]
  * [[tbhm:02_discovery|Recon & Discovery]]
  * [[tbhm:05_xss|XSS]]
  * [[tbhm:06_sqli|SQLi]]
  * [[tbhm:04_authorization|Auth Bypass]]
  * [[tbhm:12_idor|IDOR]]

===== Zseano's Methodology =====

  * [[zseano:start|Methodology Index]]
  * [[zseano:philosophy|Philosophy & Principles]]
  * [[zseano:recon|Recon & Attack Surface]]
  * [[zseano:feature_checklist|Feature Testing Checklist]]
  * [[zseano:xss|XSS]] | [[zseano:csrf|CSRF]] | [[zseano:idor|IDOR]] | [[zseano:ssrf|SSRF]]
  * [[zseano:open_redirects|Open Redirects]] | [[zseano:sqli|SQLi]] | [[zseano:cors|CORS]]
  * [[zseano:auth_session|Auth & Session]] | [[zseano:logic_bugs|Logic Bugs]]
  * [[zseano:escalation|Bug Chaining]] | [[zseano:reporting|Reporting]]

===== Site Index =====

  * [[all_articles|All Articles]]