Saturday, December 21, 2019

Hunting Bugs

Introduction to Hunting Bugs:


I have a video (not mine); I also learn from this course.

Why do we learn to hunt bugs? There are several reasons, and they vary from person to person. But the first and foremost reason is that we want to be better security professionals or researchers. When a security professional is able to hunt security bugs in any web application, they are helping the whole community remain safe and secure, and it earns them respect as well. At the same time, the successful bug hunter usually gets a bounty for their effort. Almost every big web application, including Google, Facebook, Twitter and Tumblr, has its own bug hunting and bounty program. So learning to hunt bugs may also help you earn some extra money. There are many security experts and researchers who make this their profession and earn regular money by hunting bugs.
Next, we look at some bug hunting platforms:
HackerOne
Cobalt
Bugcrowd
BountyFactory
Synack
AntiHack
Hackenproof
Zerocopter
Japan bug bounty program
Bug bounty programs list

We also look at some tools that are used in bug hunting:
Burp Suite:
Many ethical hackers and security professionals opine that finding vulnerabilities in any web application has been made easy with the help of the Burp Suite tool.

OWASP ZAP:
Many security professionals use this tool alongside Burp Suite, because in some cases OWASP ZAP works better than Burp. So, in the very beginning, you need not worry about buying the professional Burp Suite.
Open Burp Suite
If you use Kali Linux, then in the toolbox on the left side of Kali Linux, the fifth (or another) icon belongs to Burp Suite. Clicking it will open Burp Suite.
Open OWASP ZAP
(Kali Linux) Go to the top left corner of Kali Linux and click the Applications tab. There you will find the Web Application Analysis link, under which you see OWASP ZAP.
Click on the OWASP ZAP link and it will open.

Some other tools
For web application analysis, we already have tools like wpscan, httrack, and sqlmap in Kali Linux. However, we may need to scan ports, so nmap will be extremely useful. It is also available in Kali Linux. Another good web application vulnerability scanner is nikto. However, the range of nmap is quite big: you can use it not only for web application analysis but also for vulnerability analysis, information gathering, etc.

