/tbhm

The Bug Hunters Methodology

The Bug Hunters Methodology

Welcome! This repo is a conglomeration of tips, tricks, tools, and data analysis to use while doing web application security assessments, and more specifically towards bug hunting in bug bounties.

These methodology pieces are presented as an abbreviated testing methodology for use in bug bounties. It is based off of the research gathered for the Defcon 23 talk "How to shot Web: better hacking in 2015".

The current sections are divided as follows:

  • philosophy
  • discovery
  • mapping
  • tactical fuzzing
  • XSS
  • SQLi
  • LFI
  • CSRF
  • web services
  • mobile vulnerabilities

The goal of the project is to incorporate more up to date resources for bug hunters and web hackers to use during thier day-to-day work.

@jhaddix

Defcon Video

ScreenShot