Thursday, December 29, 2022

Book review: Real-World Bug Hunting


 

"Real-World Bug Hunting: A Field Guide to Web Hacking" is a cybersecurity manual written by Peter Yaworski, a known bug bounty hunter and application security manager at Shopify.

The book covers the world of bug bounty hunting, i.e. the practice of discovering and reporting software vulnerabilities for a fee while respecting the applicable rules of confidentiality. In particular, it deals with web vulnerabilities, such as SQL injection, XSS, HTML injection, HTTP parameter pollution and many more.

For every vulnerability class there is a theoretical description, followed by real cases of vulnerabilities reported by researchers.

The manual is suitable for cybersecurity beginners too, but it requires knowledge of the basics of web development; furthermore, not all the examples will be clear, but the book warns the reader by stating the difficulty of each one.

A defect of the book is that it is not very thorough, but, despite that, it can be a good starting point for learning web application security.
