Cybersecurity Wiki

Knowledge base for bug bounty hunting and web security research.

All 25 chapters from Vickie Li's Bug Bounty Bootcamp (No Starch Press, 2021).

• Ch 01 - Picking a Program | Ch 02 - Sustaining Success | Ch 03 - How the Internet Works | Ch 04 - Environment Setup
• Ch 08 - Clickjacking | Ch 12 - Race Conditions
• Ch 14 - Deserialization | Ch 15 - XXE | Ch 16 - SSTI
• Ch 17 - Logic Errors | Ch 18 - RCE
• Ch 19 - SOP/CORS | Ch 20 - SSO | Ch 21 - Info Disclosure
• Ch 22 - Code Reviews | Ch 23 - Android | Ch 24 - API Hacking | Ch 25 - Fuzzing

• 01 - Philosophy & Mindset
• 02 - Discovery & Recon
• 03 - Mapping the Attack Surface
• 04 - Authorization & Session Management
• 05 - Cross-Site Scripting (XSS)
• 06 - SQL Injection
• 07 - File Upload Vulnerabilities
• 08 - CSRF
• 09 - Privilege Escalation, Logic & Transport
• 10 - Mobile Testing
• 11 - Auxiliary Info & Tools
• 12 - IDOR
• Fast Testing Checklist

• TBHM Index
• Fast Checklist
• Recon & Discovery
• XSS
• SQLi
• Auth Bypass
• IDOR

• Methodology Index
• Philosophy & Principles
• Recon & Attack Surface
• Feature Testing Checklist
• XSS | CSRF | IDOR | SSRF
• Open Redirects | SQLi | CORS
• Auth & Session | Logic Bugs
• Bug Chaining | Reporting

• All Articles