
6 Questions that Guarantee your Bounty

 

1. How does the app pass data?

In a query parameter or in a path segment? This decides where you inject and where identifiers can be swapped. (image: secret03-1.png)

2. How and where does the app refer to users?

In cookies or in API calls? By numeric uid, username, email, or UUID? Predictable identifiers (sequential uids, emails) are the first candidates for IDOR testing. (image: secret03-2.png)
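Questions 1 and 2 can be answered mechanically over a list of captured requests. The script below is an added example, not part of the original checklist or Jhaddix's material: it classifies where each request carries data (path segment, query parameter, cookie) and what kind of user identifier appears, and flags the guessable ones as IDOR candidates. The URLs, cookie header and hostname are constructed sample data, and the key/segment word lists are assumptions you would tune per target.

```python
import re
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

# Identifier shapes, tested in order (most specific first).
ID_KINDS = [
    ("uuid", re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$", re.I)),
    ("email", re.compile(r"^[^@\s/]+@[^@\s/]+\.[A-Za-z]{2,}$")),
    ("numeric", re.compile(r"^\d+$")),
]
# Assumed parameter/cookie names and path nouns that usually carry a user reference.
USER_KEYS = {"uid", "user", "userid", "user_id", "username", "email", "account", "account_id", "id"}
USER_SEGMENTS = {"users", "user", "accounts", "account", "profiles", "profile", "customers", "customer"}
# Kinds an attacker can enumerate or guess; UUIDs are deliberately excluded.
GUESSABLE = {"numeric", "email", "username"}

# Constructed sample traffic (hostname and values are made up).
SAMPLE_REQUESTS = [
    ("https://app.example.com/api/users/1042/profile", "session=opaque123; uid=1042"),
    ("https://app.example.com/account?email=alice%40example.com", ""),
    ("https://app.example.com/orders/5f0e1c2a-9b7d-4c3e-8a1f-2b6d4e8f0a12", ""),
    ("https://app.example.com/users/bob/settings", ""),
]


def classify_value(value, key=None):
    """Return the identifier kind of a value, or None if it looks like plain data."""
    for kind, pattern in ID_KINDS:
        if pattern.match(value):
            return kind
    # A free-form value only counts as a username when its key says it is a user reference.
    if key is not None and key.lower() in USER_KEYS and re.match(r"^[A-Za-z][\w.-]+$", value):
        return "username"
    return None


def inspect_request(url, cookie_header=""):
    """List every user-like identifier in the URL path, query string and cookies."""
    parts = urlsplit(url)
    findings = []

    segments = [s for s in parts.path.split("/") if s]
    for i, seg in enumerate(segments):
        kind = classify_value(seg)
        # /users/bob: a word right after a user noun is treated as a username.
        if kind is None and i > 0 and segments[i - 1].lower() in USER_SEGMENTS:
            kind = "username"
        if kind:
            findings.append({"where": "path", "key": segments[i - 1] if i else "",
                             "value": seg, "kind": kind, "idor_candidate": kind in GUESSABLE})

    for key, val in parse_qsl(parts.query, keep_blank_values=True):
        kind = classify_value(val, key)
        if kind:
            findings.append({"where": "query", "key": key, "value": val,
                             "kind": kind, "idor_candidate": kind in GUESSABLE})

    cookies = SimpleCookie()
    cookies.load(cookie_header)
    for name, morsel in cookies.items():
        kind = classify_value(morsel.value, name)
        if kind:
            findings.append({"where": "cookie", "key": name, "value": morsel.value,
                             "kind": kind, "idor_candidate": kind in GUESSABLE})
    return findings


def summarize(requests):
    """Aggregate findings: where data is passed, which id kinds appear, and IDOR candidates."""
    summary = {"where": {}, "kinds": {}, "idor_candidates": []}
    for url, cookie_header in requests:
        for f in inspect_request(url, cookie_header):
            summary["where"][f["where"]] = summary["where"].get(f["where"], 0) + 1
            summary["kinds"][f["kind"]] = summary["kinds"].get(f["kind"], 0) + 1
            if f["idor_candidate"]:
                summary["idor_candidates"].append(f"{f['where']}:{f['key']}={f['value']}")
    return summary


if __name__ == "__main__":
    result = summarize(SAMPLE_REQUESTS)
    print("data passed via:", result["where"])
    print("identifier kinds:", result["kinds"])
    for candidate in result["idor_candidates"]:
        print("IDOR candidate:", candidate)
```

Feed it the URLs and Cookie headers exported from your proxy history; the "where" counts answer question 1 and the "kinds" counts plus the candidate list answer question 2. The UUID in the orders URL is reported but not flagged, which is the point: a UUID still needs an authorization check on the server, but it is not something you can enumerate from the client side.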

3. Does the site have multiple user levels?

admin, user, viewer, etc. Every pair of levels is a privilege-escalation test: can the lower role reach the higher role's functions and data? (image: secret03-3.png)

4. Have there been past vulnerabilities?

Check disclosed bug-bounty reports, CVEs and changelogs; the same bug class often reappears in new features. (image: secret03-4.png)

5. How does the app handle common bug classes?

XSS? CSRF? Code injection? Note which defenses (output encoding, CSRF tokens, input filters) are present and where they are missing. (image: secret03-5.png)

6. Does the site have a unique threat model?

What business-specific features, data or transactions would an attacker target on this site in particular? (image: secret03-6.png)

Credit

Based on Jhaddix's presentation.

Support

You can follow me on Twitter or buy me a coffee.