Just 30 Examples and My First Sale
22. Resources
Online Training
Web Application Exploits and Defenses
A codelab with an actual vulnerable webapp and tutorials for you to work through to discover common vulnerabilities including XSS, Privilege Escalation, CSRF, Path Traversal and more. Find it at https://google-gruyere.appspot.com
The Exploit Database
Though not exactly online training, this site includes exploits for discovered vulnerabilities, often linking them to CVEs where possible. While the actual code supplied should be used with extreme caution, as it can be destructive, this is helpful for finding vulnerabilities if a target is using out-of-date software, and reading the code helps you understand what type of input can be supplied to exploit a site.
Udacity
Free online learning courses in a variety of subjects, including web development and programming. I’d recommend checking out:
Intro to HTML and CSS [1]
Javascript Basics [2]
Bug Bounty Platforms
Hackerone.com
Created by security leaders from Facebook, Microsoft and Google, HackerOne is the first vulnerability coordination and bug bounty platform.
[1] https://www.udacity.com/course/intro-to-html-and-css--ud304
[2] https://www.udacity.com/course/javascript-basics--ud804
Resources 136
Bugcrowd.com
From the outback to the valley, Bugcrowd was founded in 2012 to even the odds against the bad guys.
Synack.com
Honestly, I think this is a bug bounty platform but I have no idea. Not the most informative website. Here’s their quote (I had to include it in its entirety for the full effect):
Synack bridges the gap between perceived security and actual security by leveraging hacker-powered exploitation intelligence. Synack seamlessly integrates the power of human ingenuity with the scalability of an advanced vulnerability intelligence platform to proactively give the enterprise an unparalleled adversarial perspective.
Cobalt.io
According to their site, all researchers can sign up for Cobalt, but in order to participate in most security programs, researchers need to be invited to the security program and/or undergo a strict vetting process.
Video Tutorials
youtube.com/yaworsk1
I’d be remiss if I didn’t include my YouTube channel. I’ve begun to record tutorials on finding vulnerabilities to help complement this book.
Seccasts.com
From their website, SecCasts is a security video training platform that offers tutorials ranging from basic web hacking techniques to in-depth security topics on a specific language or framework.
Further Reading
OWASP.com
The Open Web Application Security Project is a massive source of vulnerability information. They have a convenient Security101 section, cheat sheets, a testing guide and in-depth descriptions of most vulnerability types.
Hackerone.com/hacktivity
A list of all vulnerabilities reported through their bounty program. While only some reports are public, you can use my script on GitHub to pull all of the public disclosures (https://github.com/yaworsk/hackerone_scrapper).
Twitter #infosec
Though there is a lot of noise, there are many interesting security / vulnerability related tweets under #infosec, often with links to detailed write-ups.
Twitter @disclosedh1
The unofficial HackerOne public disclosure watcher which tweets recently disclosed bugs.
Web Application Hacker’s Handbook
The title should say it all. Written by the creators of Burp Suite, this is really a must read.
Bug Hunter’s Methodology
This is a GitHub repo from Jason Haddix and provides some awesome insight into how successful hackers approach a target. It’s written in Markdown and was presented at DefCon as well. You can find it at https://github.com/jhaddix/tbhm.
Recommended Blogs
philippeharewood.com
Blog by an amazing Facebook hacker who shares an incredible amount about finding logic flaws in Facebook. I was lucky enough to interview Philippe in April 2016 and can’t stress enough how smart he is and how awesome his blog is - I’ve read every post.
Philippe’s Facebook Page - www.facebook.com/phwd-113702895386410
Another awesome resource from Philippe. This includes a list of Facebook Bug Bounties.
fin1te.net
Blog by the second-ranked hacker in the Facebook Whitehat Program for the past two years (2015, 2014). Jack doesn’t seem to post much, but when he does, the disclosures are in-depth and informative!
NahamSec.com
Blog by the #26 (as of February 2016) hacker on HackerOne. A lot of cool vulnerabilities are described here - note that most posts have been archived but are still available on the site.
blog.it-securityguard.com
Patrik Fehrenbach’s personal blog. Patrik has found a number of cool and high-impact vulnerabilities, both detailed in this book and on his blog. He was also the second interviewee for Hacking Pro Tips.
blog.innerht.ml
Another awesome blog by a top White Hat on HackerOne. Interestingly, his profile feed on HackerOne is mostly Twitter and Yahoo.
blog.orange.tw
Blog by a Top DefCon hacker with links to tonnes of valuable resources.
Portswigger Blog
Blog from the developers of Burp Suite. HIGHLY RECOMMENDED.
Nvisium Blog
Great blog from a security company. They found the Rails RCE vulnerability discussed in this book and blogged about finding vulnerabilities with Flask/Jinja2 almost two weeks before the Uber RCE was found.
blog.zsec.uk
Bug Crowd Blog
Bug Crowd posts some great content, including interviews with awesome hackers and other informative material. Jason Haddix has also recently started a hacking podcast, which you can find via the blog.
HackerOne Blog
HackerOne also posts content useful for hackers, like recommended blogs, new functionality on the platform (a good place to look for new vulnerabilities!) and tips on becoming a better hacker.