====== Zseano's Methodology ======

Based on Sean Roesner's bug bounty methodology (bugbountyhunter.com), combined with drew's personal notes.

===== Chapters =====

  * [[zseano:philosophy|Philosophy & Core Principles]]
  * [[zseano:toolkit|Toolkit & Setup]]
  * [[zseano:program_selection|Picking a Program]]
  * [[zseano:recon|Recon & Expanding Attack Surface]]
  * [[zseano:feature_checklist|Feature Testing Checklist]]
  * [[zseano:xss|XSS Testing]]
  * [[zseano:csrf|CSRF Testing]]
  * [[zseano:open_redirects|Open Redirects]]
  * [[zseano:ssrf|SSRF Testing]]
  * [[zseano:file_uploads|File Upload Testing]]
  * [[zseano:idor|IDOR Testing]]
  * [[zseano:sqli|SQL Injection]]
  * [[zseano:cors|CORS Misconfiguration]]
  * [[zseano:auth_session|Auth & Session Bugs]]
  * [[zseano:logic_bugs|Business Logic & Privilege Escalation]]
  * [[zseano:escalation|Bug Chaining & Escalation]]
  * [[zseano:reporting|Writing Good Reports]]

===== See Also =====

  * [[tbhm:start|TBHM Index]]
  * [[start|Wiki Home]]