All Articles

Complete index of every page on this wiki.

Vickie Li, No Starch Press, 2021. All 25 chapters processed.

• Ch 01 - Picking a Bug Bounty Program
• Ch 02 - Sustaining Your Success
• Ch 03 - How the Internet Works
• Ch 04 - Environment Setup
• Ch 08 - Clickjacking
• Ch 12 - Race Conditions
• Ch 14 - Insecure Deserialization
• Ch 15 - XML External Entity (XXE)
• Ch 16 - Server-Side Template Injection (SSTI)
• Ch 17 - Logic Errors & Business Logic Bugs
• Ch 18 - Remote Code Execution (RCE)
• Ch 19 - Same-Origin Policy (SOP) Vulnerabilities
• Ch 20 - Single Sign-On (SSO) Security Issues
• Ch 21 - Information Disclosure
• Ch 22 - Code Reviews
• Ch 23 - Android Hacking
• Ch 24 - API Hacking
• Ch 25 - Automated Vulnerability Discovery / Fuzzing

• Ch 05 - Open Redirects → Open Redirects
• Ch 06 - Cross-Site Scripting → XSS | XSS (Zseano)
• Ch 07 - Open Redirects (extended) → Open Redirects
• Ch 09 - Cross-Site Request Forgery → CSRF | CSRF (Zseano)
• Ch 10 - Insecure Direct Object References → IDOR | IDOR (Zseano)
• Ch 11 - SQL Injection → SQLi
• Ch 13 - Server-Side Request Forgery → SSRF

• 01 - Philosophy & Mindset
• 02 - Discovery & Recon
• 03 - Mapping the Attack Surface
• 04 - Authorization & Session
• 05 - Cross-Site Scripting (XSS)
• 06 - SQL Injection
• 07 - File Upload
• 08 - CSRF
• 09 - Privilege, Logic & Transport
• 10 - Mobile Testing
• 11 - Auxiliary Info & Tools
• 12 - IDOR
• Fast Testing Checklist
• TBHM Index

• Auth & Session Bugs
• CORS Misconfiguration
• CSRF Testing
• Bug Chaining & Escalation
• Feature Testing Checklist
• File Upload Testing
• IDOR Testing
• Business Logic & Privilege Escalation
• Open Redirects
• Philosophy & Core Principles
• Picking a Program
• Recon & Expanding Attack Surface
• Writing Good Reports
• SQL Injection
• SSRF Testing
• Methodology Index
• Toolkit & Setup
• XSS Testing

• Home