How I Found My First Bug (and earned $1k!) - Business Logic Tips

  • Published on 8 Sep 2024
  • This week I'll be retelling the story of my first bug(s), how I found them, and what the bugs were. Then I'll give you my top 9 tips on finding business logic errors in the wild, including a sneak preview at Patreon only content! I really like business logic errors because it's hard to automate them, that fact makes them AMAZING for hunting, especially since they are also often overlooked. They tend to be target-specific so in this video, I give you some general tips on how to find these bugs regardless of the target!
    Did you know this episode was sponsored by Intigriti?
    Sign up with my link go.intigriti.co...
    I'm so pleased with everyone's positive response to the Intigriti sponsorship and I'm so pleased you folks are finding bugs and even finding your first bugs! Thank you for being awesome!
    Web Security Academy - Business Logic: portswigger.ne...
    - Social Media -
    Discord: insiderphd.dev...
    Patreon: / insiderphd
    Twitter: / insiderphd
    Patreon Shoutouts
    Forrest Held
    L houssine
    josh
    Wardell Castles
    Gynvael
    Ram
    James Clee

Comments • 44

  • @hugomoran8777 3 years ago +14

    Thank you so much for what you're giving to the community with these videos

    • @InsiderPhD 3 years ago +3

      Aww thank you, I will keep making videos as long as people watch them!

  • @filipesimoes5398 3 years ago +3

    I'm changing to your bug in focus series because I find these bugs easy to learn but hard to find. These bugs depend too much on the developer doing a bad job, and catching their errors seems to be a matter of luckiness for me. On harder bugs I feel like it depends much more on my effort than my luckiness... Enjoyed the video, I expect to have the same sensation when I find my first bug.

  • @chiragartani 3 years ago +3

    Love your content, & the way you describe things! I highly appreciate your efforts 🙏.
    Thank You Katie For Sharing Knowledge With Us ❤️.
    Also, Your voice is cute 😄.

    • @reo4680 3 years ago

      nice try bro

  • @voyageur1016 3 years ago +2

    THE QUEEN OF THE BUG BOUNTY HUNTERS

  • @ak0904 several months ago

    I also found a business logic issue in Apple, but sadly it's not their bounty category 😞, but still got credited though.

  • @MrGentlemanism 2 years ago

    Awesome! I was thinking about getting into bug bounties. Been working as a pentester for a year now, infra and web. Found some API calls in a JS file on one assignment, and noticed there was no server-side checking for authorization. Ended up bulk importing administrator users. Guess I'm good to go then lol.

  • @ethanp5215 3 years ago

    Thank you for this,
    Love from Wales ❤🏴󠁧󠁢󠁷󠁬󠁳󠁿

  • @imshaiknasir 3 years ago +1

    Awesome one. Thank you.

  • @Alexander007A a year ago

    Hello there.. thank you so much, I've been watching your video and it's really helpful, but I didn't know how I'll do my first bug practically, can you help me please..??

  • @cybersecurity3523 3 years ago +2

    Welcome back Dr

    • @InsiderPhD 3 years ago +3

      Thank you! Great to be back I missed making videos :D

    • @cybersecurity3523 3 years ago +1

      @InsiderPhD no problem

  • @mhm2217hunter 5 months ago

    it is really helpful for me

  • @savirsuda 3 years ago

    Thanks for this video! It was really helpful :)

    • @InsiderPhD 3 years ago +1

      I know you don’t need these videos anymore x] you need to unsub! Getting too good!

    • @savirsuda 3 years ago

      @InsiderPhD nah come one :P
      Thanks though :)

  • @arashsingh3409 3 years ago +1

    Hey, please create a video about getting into the profession of hacking

  • @dannyhilden9270 a year ago

    I've been into cybersecurity since 2010/2011 and I'm very happy with how far I've come. I never thought I'd be where I am today, but I appreciate your videos and it's nice to see a woman actually really know what she's talking about since you don't see many women in cybersecurity and especially ones that actually aren't skids.

  • @jeannasrallah730 3 years ago +1

    Can you please make videos on advanced xss courses
    Literally everything on YouTube is just basic stuff and I'm looking for advanced courses about cross site scripting
    Thanks.❤

    • @InsiderPhD 3 years ago +1

      I’ve made a video on BlindXSS already but DOM XSS is in the pipeline! Coming soon :)

    • @InsiderPhD 3 years ago +2

      Oh and also WAF bypasses is in the pipeline too!

    • @jeannasrallah730 3 years ago

      @InsiderPhD that's what I'm talking about, the filters that escape tags and characters
      Anw thank you for your response ❤

  • @sandeepsingh87 3 years ago +1

    hey Katie, just had a question, do you have any idea why in the world reCAPTCHA verification is expired after 2 minutes of inactivity? and what would be the impact if it is not expired and we are still able to continue.

    • @InsiderPhD 3 years ago +1

      I suspect because a human would be able to solve it in 2 mins? I'm not sure though

    • @sandeepsingh87 3 years ago

      @InsiderPhD 🤔thanks😁✌

  • @johnphiri9418 3 years ago

    Thanks 😊

  • @jonathanhoyos8191 3 years ago +1

    What do you mean by "is user an endpoint"? I'd like to read further to understand this. Can u give some titles or material to look deeper?
    Thanks insiderphD

  • @SumitSingh-xu4qs 3 years ago

    Thank thanksssss you so much

  • @salmankhandu3819 3 years ago

    Can you please share reference for practice as you mentioned in video.
    Thank you

    • @InsiderPhD 3 years ago +2

      Good spot! portswigger.net/web-security/logic-flaws in the description now thank you for informing me!

    • @salmankhandu3819 3 years ago

      @InsiderPhD thanks for prompt response

  • @user-xd4sb5rq4o 3 years ago

    Hey.. I know you are smart to make your own web applications. Can you teach us about h2c smuggling with a demo video?

  • @AmanGupta-rw2xw 3 years ago

    I found a bug in icloud can u plz tell me how to file bug report

    • @SakayaNagii 3 years ago

      Search apple bug bounty, and read other blogs how they reported. Just be sure about the impact

  • @nogoodhacker6944 3 years ago

    Hi katie, your videos are awesome
    can you please make a ctf challenge on ctfchallenge.co.uk??
    It's a simple challenge but it's so annoying that i can't find the creds of a challenge : vulntraining.co.uk (its a challenge of the ctfchallenge.co.uk website)
    thank you

  • @kumaran88thiru 3 years ago

    ❤️

  • @TweetyStickFigure a year ago

    by golly... SHE IS BRITISH!!!!!!!

  • @shrirangkahale 3 years ago

    :)

  • @ibrahimmuhammad4194 3 years ago

    First!

    • @InsiderPhD 3 years ago +1

      You are first! Congrats 🥳