"Real-World Bug Hunting - A Field Guide to Web Hacking" by Peter Yaworski is one of the top five highly recommended books for learning web application hacking and bug bounty hunting. The book covers the following sections with multiple real-world bounty examples for each vulnerability type mentioned -
- Bug Bounty Basics
- Open Redirect
- HTTP Parameter Pollution
- Cross-Site Request Forgery
- HTML Injection and Content Spoofing
- Carriage Return Line Feed Injection
- Cross-Site Scripting
- Template Injection
- SQL Injection
- Server-Side Request Forgery
- XML External Entity
- Remote Code Execution
- Memory Vulnerabilities
- Subdomain Takeover
- Race Conditions
- Insecure Direct Object References
- OAuth Vulnerabilities
- Application Logic and Configuration Vulnerabilities
- Finding Your Own Bug Bounties
- Vulnerability Reports
The free PDF version of this 2019 book can be found at https://digtvbg.com/files/books-for...ld Guide to Web Hacking by Peter Yaworski.pdf