Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/jhaddix/tbhm

The Bug Hunters Methodology
https://github.com/jhaddix/tbhm

Last synced: 21 days ago
JSON representation

The Bug Hunters Methodology

Awesome Lists containing this project

README 

        



# The Bug Hunter's Methodology (TBHM)



Welcome! This repo is a collection of 



 - tips  

 - tricks

 - tools

 - data analysis

 - and notes



related to web application security assessments and more specifically towards bug hunting in bug bounties. 



The current sections are divided as follows:



### Before You Get Hacking



* [Learning Resources](/Learning.md)

* [Content Creators and Influencers](/Content.md)



### Reconassiance



### Application Analysis



* [Mapping](/03_Mapping.md)

* [Authorization and Sessions](/04_Authorization_and_Session.md)

* Tactical fuzzing

  * [XSS](/05_XSS.md)

  * [SQLi](/06_SQLi.md)

  * [File Inclusion](/07_File_Upload.md)

  * [CSRF](/08_CSRF.md)

* [Privilege, Transport and Logic](/09_Privledge_Logic_Transport.md)

* Web services

* [Mobile vulnerabilities](/10_Mobile.md)



### Other



* [Auxiliary Information](/11_Auxiliary_Info.md)



The goal of the project is to incorporate more up to date resources for bug hunters and web hackers to use during thier day-to-day work. 



@jhaddix



##  History



|Title| Conference | Version| Link 

|--|--|--|--|

| How to Shot Web | Defcon 23 | 1.0 | Link |

| The Bug Hunter's Methodology | xxx | xxx | Link |

| The Bug Hunter's Methodology | xxx | xxx | Link |

| The Bug Hunter's Methodology | xxx | xxx | Link |

| The Bug Hunter's Methodology | xxx | xxx | Link |