#401: Bug Bounty bootcamp // Get paid to hack websites like Uber, PayPal, TikTok and more

How to get experience with no experience? Have a look at bug bounty programs. Vickie Li demos Insecure Direct Object References (IDOR) and tells us how to get into bug bounty. We also discuss why her book Bug Bounty Bootcamp is a fantastic book to buy if you want to get into bug bounty. Get real world experience today. // MENU // 00:00 - In plain text! 00:24 - Introducing//Vickie Li 00:58 - Part 1//The Interview 01:01 - Origin//Bug Bounty Bootcamp 03:37 - What are Bug Bounty Programmes? 05:26 - Part Time Bug Hunting? 05:44 - Easy Way to Get Experience 07:45 - Which Bug Bounty Programmes for Beginners? 10:51 - Beginners//Don't Compete with Pros 13:15 - Duplicates as Valid Experience 14:23 - What You Need to Start 14:59 - Linux//Do You Need It? 15:55 - Automate!//Which Programming Language? 18:03 - Beginner Friendly Vulnerabilities 21:17 - Part 2//Exploiting IDOR Vulnerability Demo 21:24 - What is IDOR? 22:51 - PortSwigger IDOR Lab 24:05 - Live Chat IDOR 24:48 - View transcript 25:12 - Burp Suite Intercept 26:05 - What to Look For//IDs Aren't Always Obvious 26:56 - Burp Suite//Looking Through Headers 27:56 - Burp Suite//Repeater 28:30 - Testing View Transcript Again 29:18 - GET Request//Identifying Exploitable Endpoint 30:26 - Modifying GET Request 31:35 - Finding the right headers to modify 33:47 - Why the first attempt didn't work 34:09 - IRL//What You Would Do 34:23 - Password in Live Chat Transcript 35:40 - How to Prevent IDORs 36:01 - IDORs//Worth Pursuing? 39:57 - Bug Bounties//How to Start 41:21 - Learn More!//Vickie's Blog 41:38 - Follow Vickie's Twitter! 41:52 - Thank You & Closing // Books // Bug Bounty Bootcamp: https://amzn.to/3K2YDeJ The Web Application Hacker's Handbook: https://amzn.to/3IZ2RTr Hacking API’s by Corey J Ball: https://amzn.to/3JOJG0E Alice and Bob learn application security by Tanya Janca: https://amzn.to/3oMyMij Automate the boring stuff with Python: https://amzn.to/3N2QuYu // Videos mentioned // Nahamsec: https://youtu.be/9vaEwycet90 Corey Ball: https://youtu.be/CkVvB5woQRM Tanya Janca: https://youtu.be/nyhytT2tRN0 Al Sweigart: https://youtu.be/7iBqoc-DzTQ // Vickie's social media // Twitter: https://twitter.com/vickieli7 Website: https://vickieli.dev/ YouTube: https://www.youtube.com/channel/UCjQH... Medium: https://vickieli.medium.com/ // Connect with David // Discord: https://discord.com/invite/usKSyzb Twitter: https://www.twitter.com/davidbombal Instagram: https://www.instagram.com/davidbombal LinkedIn: https://www.linkedin.com/in/davidbombal Facebook: https://www.facebook.com/davidbombal.co TikTok: http://tiktok.com/@davidbombal YouTube: https://www.youtube.com/davidbombal // Platforms mentioned // HackerOne: https://www.hackerone.com/ bugcrowd: https://www.bugcrowd.com/ Intigriti: https://www.intigriti.com/ Huntr: https://huntr.dev/ // Connect with Nahamsec // Twitter: https://twitter.com/nahamsec YouTube: https://www.youtube.com/c/nahamsec Github: https://github.com/nahamsec/Resources... Discord: https://discord.com/invite/ysndAm8 Instagram: https://www.instagram.com/nahamsec/ LinkedIn: https://www.linkedin.com/in/nahamsec/ Twitch: https://www.twitch.tv/nahamsec Website: https://nahamsec.com/ // MY STUFF // Monitor: https://amzn.to/3yyF74Y More stuff: https://www.amazon.com/shop/davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #python #hack #xss