Leanpub Header

Skip to main content
Go to Leanpub.comLeanpub

Web Hacking 101

How to Make Money Hacking Ethically

Peter Yaworski

On December 22, 2015, Twitter paid over $14,000 to ethical hackers for exposing vulnerabilities. This wasn't a shakedown. Sites like Twitter, Shopify, Dropbox, Yahoo, Google, Facebook and more, ask ethical hackers to report security bugs and pay them. This book will teach you how you can get started with ethical hacking.

Minimum price

$9.99

$24.99

You pay

$24.99

Author earns

$19.99
$

...Or Buy With Credits!

You can get credits monthly with a Reader Membership
PDF
EPUB
WEB
3,934
Readers
255
Pages
69,453Words
About

About

About the Book

With a Foreword written by HackerOne Co-Founders Michiel Prins and Jobert Abma, Web Hacking 101 is about the ethical exploration of software for security issues but learning to hack isn't always easy. With few exceptions, existing books are overly technical, only dedicate a single chapter to website vulnerabilies or don't include any real world examples. This book is different.

Using publicly disclosed vulnerabilities, Web Hacking 101 explains common web vulnerabilities and will show you how to start finding vulnerabilities and collecting bounties. With over 30 examples, the book covers topics like:

  • HTML Injection
  • Cross site scripting (XSS)
  • Cross site request forgery (CSRF)
  • Open Redirects
  • Remote Code Execution (RCE)
  • Application Logic
  • and more...

Each example includes a classification of the attack, a report link, the bounty paid, easy to understand description and key takeaways. After reading this book, your eyes will be opened to the wide array of vulnerabilities that exist and you'll likely never look at a website or API the same way.

Share this book

Categories

Computers and ProgrammingSoftware EngineeringSoftware Architecture

Feedback

Email the Author

Author

About the Author

Peter Yaworski

Peter Yaworski is a self-taught developer who started off "developing" websites with Drupal. As he slowly started picking things up, he published YouTube video tutorials to give back to others.

He has since moved on to Rails and Android before developing a keen interest in software security. Right now, he is focused on developing Dailylearns.com, where he is the Lead Developer, and continuing to learn about software development best practices.

You can find his site at www.TorontoWebsiteDeveloper.com or message him on Twitter.

Leanpub Podcast

Episode 40

An Interview with Peter Yaworski

Translations

Translations

Languages

Contents

Table of Contents

1.Foreword

2.Introduction

  1. How It All Started
  2. Just 30 Examples and My First Sale
  3. Who This Book Is Written For
  4. Chapter Overview
  5. Word of Warning and a Favour

3.Background

4.Open Redirect Vulnerabilities

  1. Description
  2. Examples
  3. 1. Shopify Theme Install Open Redirect
  4. 2. Shopify Login Open Redirect
  5. 3. HackerOne Interstitial Redirect
  6. Summary

5.HTTP Parameter Pollution

  1. Description
  2. Examples
  3. 1. HackerOne Social Sharing Buttons
  4. 2. Twitter Unsubscribe Notifications
  5. 3. Twitter Web Intents
  6. Summary

6.Cross-Site Request Forgery

  1. Description
  2. Examples
  3. 1. Shopify Twitter Disconnect
  4. 2. Change Users Instacart Zones
  5. 3. Badoo Full Account Takeover
  6. Summary

7.HTML Injection

  1. Description
  2. Examples
  3. 1. Coinbase Comments
  4. 2. HackerOne Unintended HTML Inclusion
  5. 3. Within Security Content Spoofing
  6. Summary

8.CRLF Injection

  1. Description
  2. 1. Twitter HTTP Response Splitting
  3. 2. v.shopify.com Response Splitting
  4. Summary

9.Cross-Site Scripting

  1. Description
  2. Examples
  3. 1. Shopify Wholesale
  4. 2. Shopify Giftcard Cart
  5. 3. Shopify Currency Formatting
  6. 4. Yahoo Mail Stored XSS
  7. 5. Google Image Search
  8. 6. Google Tagmanager Stored XSS
  9. 7. United Airlines XSS
  10. Summary

10.Template Injection

  1. Description
  2. Server Side Template Injections
  3. Client Side Template Injections
  4. Examples
  5. 1. Uber Angular Template Injection
  6. 2. Uber Template Injection
  7. 3. Rails Dynamic Render
  8. Summary

11.SQL Injection

  1. Description
  2. SQL Databases
  3. Countermeasures Against SQLi
  4. Examples
  5. 1. Drupal SQL Injection
  6. 2. Yahoo Sports Blind SQL
  7. 3. Uber Blind SQLi
  8. Summary

12.Server Side Request Forgery

  1. Description
  2. HTTP Request Location
  3. Invoking GET Versus POST Requests
  4. Blind SSRFs
  5. Leveraging SSRF
  6. Examples
  7. 1. ESEA SSRF and Querying AWS Metadata
  8. 2. Google Internal DNS SSRF
  9. Takeaways
  10. 3. Internal Port Scanning
  11. Takeaways
  12. Summary

13.XML External Entity Vulnerability

  1. Description
  2. Examples
  3. 1. Read Access to Google
  4. 2. Facebook XXE with Word
  5. 3. Wikiloc XXE
  6. Summary

14.Remote Code Execution

  1. Description
  2. Examples
  3. 1. Polyvore ImageMagick
  4. 2. Algolia RCE on facebooksearch.algolia.com
  5. 3. Foobar Smarty Template Injection RCE
  6. Summary

15.Memory

  1. Description
  2. Buffer Overflow
  3. Read out of Bounds
  4. Memory Corruption
  5. Examples
  6. 1. PHP ftp_genlist()
  7. 2. Python Hotshot Module
  8. 3. Libcurl Read Out of Bounds
  9. 4. PHP Memory Corruption
  10. Summary

16.Sub Domain Takeover

  1. Description
  2. Examples
  3. 1. Ubiquiti Sub Domain Takeover
  4. 2. Scan.me Pointing to Zendesk
  5. 3. Shopify Windsor Sub Domain Takeover
  6. 4. Snapchat Fastly Takeover
  7. 5. api.legalrobot.com
  8. 6. Uber SendGrid Mail Takeover
  9. Summary

17.Race Conditions

  1. Description
  2. Examples
  3. 1. Starbucks Race Conditions
  4. 2. Accepting HackerOne Invites Multiple Times
  5. 3. Exceeding Keybase Invitation Limits
  6. 4. HackerOne Payments
  7. Summary

18.Insecure Direct Object References

  1. Description
  2. Examples
  3. 1. Binary.com Privilege Escalation
  4. 2. Moneybird App Creation
  5. 3. Twitter Mopub API Token Stealing
  6. Summary

19.OAuth

  1. Description
  2. Examples
  3. 1. Swiping Facebook Official Access Tokens
  4. 2. Stealing Slack OAuth Tokens
  5. 3. Stealing Google Drive Spreadsheets
  6. Summary

20.Application Logic Vulnerabilities

  1. Description
  2. Examples
  3. 1. Shopify Administrator Privilege Bypass
  4. 2. HackerOne Signal Manipulation
  5. 3. Shopify S3 Buckets Open
  6. 4. HackerOne S3 Buckets Open
  7. 5. Bypassing GitLab Two Factor Authentication
  8. 6. Yahoo PHP Info Disclosure
  9. 7. HackerOne Hacktivity Voting
  10. 8. Accessing PornHub’s Memcache Installation
  11. 9. Bypassing Twitter Account Protections
  12. Summary

21.Getting Started

  1. Reconnaissance
  2. Subdomain Enumeration
  3. Port Scanning
  4. Screenshotting
  5. Content Discovery
  6. Previous Bugs
  7. Testing the Application
  8. The Technology Stack
  9. Functionality Mapping
  10. Finding Vulnerabilities
  11. Going Further
  12. Summary

22.Vulnerability Reports

  1. Read the disclosure guidelines.
  2. Include Details. Then Include More.
  3. Confirm the Vulnerability
  4. Show Respect for the Company
  5. Bounties
  6. Don’t Shout Hello Before Crossing the Pond
  7. Parting Words

23.Tools

  1. Burp Suite
  2. ZAP Proxy
  3. Knockpy
  4. HostileSubBruteforcer
  5. Sublist3r
  6. crt.sh
  7. IPV4info.com
  8. SecLists
  9. XSSHunter
  10. sqlmap
  11. Nmap
  12. Eyewitness
  13. Gowitness
  14. Gobuster
  15. Meg
  16. Shodan
  17. Censys
  18. What CMS
  19. BuiltWith
  20. Nikto
  21. Recon-ng
  22. GitRob
  23. CyberChef
  24. OnlineHashCrack.com
  25. idb
  26. Wireshark
  27. Bucket Finder
  28. Race the Web
  29. Google Dorks
  30. JD GUI
  31. Mobile Security Framework
  32. Ysoserial
  33. Firefox Plugins
  34. FoxyProxy
  35. User Agent Switcher
  36. Firebug
  37. Hackbar
  38. Websecurify
  39. Cookie Manager+
  40. XSS Me
  41. Offsec Exploit-db Search
  42. Wappalyzer

24.Resources

  1. Online Training
  2. Web Application Exploits and Defenses
  3. The Exploit Database
  4. Udacity
  5. Bug Bounty Platforms
  6. Hackerone.com
  7. Bugcrowd.com
  8. Synack.com
  9. Cobalt.io
  10. Video Tutorials
  11. youtube.com/yaworsk1
  12. Seccasts.com
  13. How to Shot Web
  14. Further Reading
  15. OWASP.com
  16. Hackerone.com/hacktivity
  17. https://bugzilla.mozilla.org
  18. Twitter #infosec and #bugbounty
  19. Twitter @disclosedh1
  20. Web Application Hackers Handbook
  21. Bug Hunters Methodology
  22. Recommended Blogs
  23. philippeharewood.com
  24. Philippe’s Facebook Page - www.facebook.com/phwd-113702895386410
  25. fin1te.net
  26. NahamSec.com
  27. blog.it-securityguard.com
  28. blog.innerht.ml
  29. blog.orange.tw
  30. Portswigger Blog
  31. Nvisium Blog
  32. blog.zsec.uk
  33. brutelogic.com.br
  34. lcamtuf.blogspot.ca
  35. Bug Crowd Blog
  36. HackerOne Blog
  37. Cheatsheets

25.Glossary

  1. Black Hat Hacker
  2. Buffer Overflow
  3. Bug Bounty Program
  4. Bug Report
  5. CRLF Injection
  6. Cross Site Request Forgery
  7. Cross Site Scripting
  8. HTML Injection
  9. HTTP Parameter Pollution
  10. HTTP Response Splitting
  11. Memory Corruption
  12. Open Redirect
  13. Penetration Testing
  14. Researchers
  15. Response Team
  16. Responsible Disclosure
  17. Vulnerability
  18. Vulnerability Coordination
  19. Vulnerability Disclosure
  20. White Hat Hacker

26.Appendix A - Take Aways

  1. Open Redirects
  2. HTTP Parameter Pollution
  3. Cross Site Request Forgery
  4. HTML Injection
  5. CRLF Injections
  6. Cross-Site Scripting
  7. SSTI
  8. SQL Injection
  9. Server Side Request Forgery
  10. XML External Entity Vulnerability
  11. Remote Code Execution
  12. Memory
  13. Sub Domain Takeover
  14. Race Conditions
  15. Insecure Direct Object References
  16. OAuth
  17. Application Logic Vulnerabilities

27.Appendix B - Web Hacking 101 Changelog

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

Download Sample PDFDownload Sample EPUBRead Sample OnlineRead online

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub