Bug-hunting: Discovery.

Some tips on common approaches to identifying areas of interest. There are a growing number of bug bounty or vulnerability reward schemes online; this first post will be some tips on common approaches to identifying areas of interest. I'm going to use Bugcrowd as my main example, but in the

TGHC

The Gentleman Hackers Club. TGHC's old posts from my old website will be moved over to here with the tag 'tghc_old'. I closed the blog as now I'm working for myself; any research projects would be better placed here so those looking at me from a work perspective can

Securing WordPress

WordPress. "I know what the security team said, but the marketing department need creative freedom. Do your best!" I use WordPress for my other blog, The Gentleman Hackers Club, and with a few key considerations you can protect your WordPress project just as much as any other online application*. Considerations:

URL from an Attacker's View

Attacker's View of a URL. As a user, who cares what happens in a URL? ... Not me (most of the time). But let's break down opportunities for an attacker to learn something or even compromise via opportunities within a URL: http://www.niceguyeddy_.com/secure/store.php?isadmin=0&