1. Important functions first
2. Follow user input
3. Hardcoded secrets and credentials
4. Use of dangerous functions and outdated dependencies
5. Developer comments, hidden debug functionality, configuration files, and the .git directory
6. Hidden paths, deprecated endpoints, and endpoints in development
7. Weak cryptography or hashing algorithms
8. Missing security checks on user input and regex strength
9. Missing cookie flags
10. Unexpected behavior, conditionals, unnecessarily complex and verbose functions
Thank you so much for reading this thread on code review. #bugbounty #infosec
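Items 3, 4, 7 and 9 of the checklist above are the ones a reviewer can mechanise before reading a file by hand. The following is an added example, not code from the original thread: a small line-oriented scanner for Python sources that flags hardcoded secrets, dangerous calls, MD5/SHA-1 hashing, a hardcoded DEBUG flag and set_cookie calls that omit the Secure, HttpOnly or SameSite attributes. The regexes, the check names and the SAMPLE source (including its key value) are constructed for the demo; the patterns are a triage aid, not a substitute for a real SAST tool.

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Checklist items 3 (hardcoded secrets), 4 (dangerous functions), 7 (weak hashing)
# and a hardcoded debug flag, each as a simple regex over one source line.
# Every hit still needs a reviewer's eye; these are constructed demo patterns.
CHECKS = [
    ("hardcoded-secret",
     re.compile(r"""(?i)\b(password|passwd|secret|api[_-]?key|token)\s*=\s*["'][^"']{6,}["']""")),
    ("dangerous-call",
     re.compile(r"\b(eval|exec|os\.system|subprocess\.call|pickle\.loads)\s*\(")),
    ("weak-hash", re.compile(r"\bhashlib\.(md5|sha1)\s*\(")),
    ("debug-enabled", re.compile(r"\bDEBUG\s*=\s*True\b")),
]

# Item 9 (cookie flags) is checked separately: the bug is the absence of an
# argument, not the presence of a pattern.
COOKIE_CALL = re.compile(r"\bset_cookie\s*\((?P<args>.*)\)")
REQUIRED_FLAGS = ("secure", "httponly", "samesite")


@dataclass(frozen=True)
class Finding:
    line: int
    check: str
    text: str


def scan_source(source: str) -> list[Finding]:
    """Return findings in line order; one line can trigger several checks."""
    findings: list[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        for name, pattern in CHECKS:
            if pattern.search(stripped):
                findings.append(Finding(lineno, name, stripped))
        m = COOKIE_CALL.search(stripped)
        if m:
            args = m.group("args").lower()
            missing = [flag for flag in REQUIRED_FLAGS if flag not in args]
            if missing:
                findings.append(Finding(lineno, "cookie-missing-" + "+".join(missing), stripped))
    return findings


# Constructed sample source for the demo; the API key value is made up.
SAMPLE = '''\
import hashlib, os
API_KEY = "sk_demo_0123456789abcdef"
DEBUG = True
def store(pw):
    return hashlib.md5(pw.encode()).hexdigest()
def run(name):
    os.system("convert " + name)
def login(resp, sid):
    resp.set_cookie("session", sid)
    resp.set_cookie("csrf", "x", secure=True, httponly=True, samesite="Lax")
'''

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line}: {f.check}: {f.text}")
```

Run it and the sample yields five findings (the key, the debug flag, the MD5 call, the os.system call and the session cookie with no flags); the second set_cookie call, which carries all three attributes, is silent. Tune the secret pattern to your own naming conventions before pointing it at a real tree.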
1. Create two accounts if possible, or else enumerate users first.
2. Check whether the endpoint is private or public and whether it contains any kind of ID parameter.
3. Try changing the parameter value to another user's and see if it does anything to their account.
➡ Testcase 1: Add IDs to requests that don’t have them
GET /api/MyPictureList → /api/MyPictureList?user_id=<other_user_id>
Pro tip: You can find parameter names to try by deleting or editing other objects and seeing the parameter names used.
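What the steps and test case above are probing for, from the application's side, is a handler that takes the object owner from a client-supplied parameter instead of from the session. The following is an added example, not code from the original thread: a vulnerable MyPictureList-style handler next to two fixed ones, one for the list endpoint and one for a direct picture-by-id lookup. The two accounts (alice and bob), the picture ids and the Request type are constructed for the demo; no web framework is involved.

```python
from dataclasses import dataclass, field

# Constructed data: two accounts (step 1 of the checklist) and the pictures each
# owns. PICTURE_OWNER is the lookup the fixed direct-object handler relies on.
PICTURES = {
    "alice": ["p1", "p2"],
    "bob": ["p3"],
}
PICTURE_OWNER = {"p1": "alice", "p2": "alice", "p3": "bob"}


class Forbidden(Exception):
    """Caller is authenticated but not allowed to see this object."""


@dataclass
class Request:
    session_user: str                           # identity bound to the server-side session
    params: dict = field(default_factory=dict)  # query string: fully client-controlled


def list_pictures_vulnerable(req: Request) -> list:
    # Trusts a client-supplied user_id to decide whose pictures to return, so
    # adding ?user_id=<other> to a request that never had one changes the owner.
    owner = req.params.get("user_id", req.session_user)
    return PICTURES.get(owner, [])


def list_pictures_fixed(req: Request) -> list:
    # The owner is the session identity. A user_id that does not match it is
    # refused rather than silently ignored, so the attempt shows up in logs.
    owner = req.session_user
    requested = req.params.get("user_id")
    if requested is not None and requested != owner:
        raise Forbidden(f"{owner} requested pictures of {requested}")
    return PICTURES.get(owner, [])


def get_picture_fixed(req: Request, picture_id: str) -> str:
    # Direct object reference: resolve the object's owner and compare it with the
    # caller. Unknown ids and foreign ids produce the same error, so the endpoint
    # does not confirm which ids exist.
    owner = PICTURE_OWNER.get(picture_id)
    if owner is None or owner != req.session_user:
        raise Forbidden(f"{req.session_user} may not read {picture_id}")
    return f"<contents of {picture_id}>"


if __name__ == "__main__":
    probe = Request("bob", {"user_id": "alice"})
    print("vulnerable:", list_pictures_vulnerable(probe))  # alice's list returned to bob
    try:
        list_pictures_fixed(probe)
    except Forbidden as e:
        print("fixed:", e)
```

The fix is the same for every object type: derive the owner from the authenticated session, look up who owns the referenced object, and compare. Rejecting a mismatching user_id (instead of quietly dropping it) is a deliberate choice so that the test in step 3 leaves a trace in the application's logs.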
🏹Intro :
The objective of web cache poisoning is to send a request that causes a harmful response that gets saved in the cache and served to other users.
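The mechanism behind that sentence is a cache that keys on fewer inputs than the origin uses to build its response. The following is an added example, not code from the original thread: a toy shared cache keyed on method and path, an origin that reflects X-Forwarded-Host into a script URL (so the first request to carry that header decides what every later visitor receives), and two fixes, either not deriving content from unkeyed headers or declaring the header in Vary so the cache keys on it. The hostnames, the Response type and the Cache class are constructed for the demo.

```python
from dataclasses import dataclass

# Constructed hostnames for the demo.
CANONICAL_HOST = "example.test"
UNTRUSTED_HOST = "untrusted.example"


@dataclass(frozen=True)
class Response:
    body: str
    vary: tuple = ()  # request headers the origin declares as affecting the body


def origin_reflects_header(method: str, path: str, headers: dict) -> Response:
    # Builds an absolute URL from X-Forwarded-Host. The cache does not key on
    # that header, so the first sender's value is stored and replayed to others.
    host = headers.get("x-forwarded-host", headers.get("host", CANONICAL_HOST))
    return Response(f'<script src="https://{host}/static/app.js"></script>')


def origin_ignores_header(method: str, path: str, headers: dict) -> Response:
    # Mitigation 1: never derive response content from an unkeyed request header.
    return Response(f'<script src="https://{CANONICAL_HOST}/static/app.js"></script>')


def origin_declares_vary(method: str, path: str, headers: dict) -> Response:
    # Mitigation 2: if the header must influence the body, declare it in Vary so
    # the cache keys on it and a tainted variant only goes back to its sender.
    host = headers.get("x-forwarded-host", headers.get("host", CANONICAL_HOST))
    return Response(f'<script src="https://{host}/static/app.js"></script>',
                    vary=("x-forwarded-host",))


class Cache:
    """Toy shared cache keyed on (method, path) plus any headers named in Vary."""

    def __init__(self, origin):
        self.origin = origin
        self.entries = {}  # (method, path) -> list of (vary_key, Response)

    @staticmethod
    def _vary_key(headers: dict, vary: tuple) -> tuple:
        return tuple((h, headers.get(h, "")) for h in vary)

    def fetch(self, method: str, path: str, headers: dict):
        """Return (response, served_from_cache)."""
        h = {k.lower(): v for k, v in headers.items()}
        bucket = self.entries.setdefault((method, path), [])
        for vary_key, resp in bucket:
            if vary_key == self._vary_key(h, resp.vary):
                return resp, True
        resp = self.origin(method, path, h)
        bucket.append((self._vary_key(h, resp.vary), resp))
        return resp, False


def body_served_to_next_visitor(origin) -> str:
    """First request carries the header; the second is an ordinary visitor's."""
    cache = Cache(origin)
    cache.fetch("GET", "/", {"Host": CANONICAL_HOST, "X-Forwarded-Host": UNTRUSTED_HOST})
    resp, _ = cache.fetch("GET", "/", {"Host": CANONICAL_HOST})
    return resp.body
```

With the reflecting origin the plain second visitor is served a script tag pointing at the untrusted host from cache; with either fixed origin they get the canonical URL. When reviewing a real deployment, list every request header, cookie and query parameter the origin reads, and check that each one is either part of the cache key or incapable of changing the response.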
• If you're testing for XSS on a site with a CSP, use Burp's find-and-replace on the CSP report-uri to point it at a Burp Collaborator instance, so you don't have to watch the browser dev tools for CSP violations.
• Search for hidden (and visible) input fields and try to set the value via GET. A lot of web apps still use $_REQUEST. You will be surprised. If you have a reflected value, check for HTML/script injection.