Thanks, nice work. Keep going!
thanks!
Bro, great video, I truly love the pace… keep it up, man.
@poiuymnbvc8339 thanks!
keep making more videos
thanks for the feedback. What topic would you like to see next?
Thanks, nice explanation
nice to know that! Is there any other vulnerability you would like to see from the perspective of a web software engineer?
I am just a beginner in this field, so I'm just learning from the internet: PortSwigger labs, YouTube, you, etc. Any help appreciated.
nice to know that, I'll be posting about other bugs soon
Thanks
Can you make a series on hunting XSS? Showing how to exploit XSS in different ways
@poiuymnbvc8339 that's something I wanted to do. I have some applications that I developed myself that I can use for demonstration
So about DOM XSS
Can you start a series in which you explain bugs which are not hunted by many hunters?
@SumitYadav-lr5vy of course! I have a scheduled video here about non-common vulnerabilities
So for a beginner who just started bug bounty, what types of bugs will you recommend him to hunt for?
@SumitYadav-lr5vy I would suggest you start with one of these: IDOR, Business Logic Errors or Broken Authorization.
Especially business logic errors, which may not be as popular as the other ones.
@bugbountywithmarco can you recommend me some resources? Because business logic errors don't have good resources.
@SumitYadav-lr5vy actually, to find a business logic error vulnerability you need to understand the business of the application you are testing.
For example: a dating app allows the user to send messages to another user only when they have a match. But what if the user can actually send messages to a person before the match?
@bugbountywithmarco it is like BAC-related issues
@SumitYadav-lr5vy a somewhat similar issue
Hey, I have noticed you reported many vulnerabilities on HackerOne. May I know what kind of vulnerabilities those are? Are those XSS, or what?
my top 3 most reported vulnerabilities are: business logic errors, IDOR, and Improper Access Control
@bugbountywithmarco oh thanks & interesting
none of your social links are working btw
thanks for the tip. I believe this is happening because this channel was just created.
You can find the clickable links on my channel page though