5 super important main-app testing tips for bug bounty hunters with STOK & Haddix
Five things to test on the main app. If you don’t test for these, well then you’re missing out!
1. Don’t just poke around on the outside of the app. There’s a lot of stuff on the inside.
2. Always look for IDORs and access control bugs: can you do the same thing as another user?
3. Test all the file uploads, not just the profile picture, test all of them! (Command injection)
BONUS: Check all the dynamic parameters that accept URLs or paths for SSRFs
4. Create an epic wordlist and content-discover all the hidden paths, try to identify information disclosures. Find that juicy admin panel or forgotten backup.zip file.
5. Check for non-technical bugs: what does the customer care about? Can you leak some data?
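Tip 2 in code form, as an added example that is not from the video: a constructed invoice endpoint without an ownership check beside the fixed version, plus a small regression check that answers "can user A read user B's object?". All names and data are made up.

```python
# Added example: object-level authorization check for the IDOR pattern in tip 2.
# The store, user ids and invoice ids below are constructed sample data.
from dataclasses import dataclass


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: float


# Constructed sample store: two users, one invoice each.
INVOICES = {
    101: Invoice(101, owner_id=1, amount=40.0),
    102: Invoice(102, owner_id=2, amount=99.0),
}


class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""


def get_invoice_vulnerable(session_user_id: int, invoice_id: int) -> Invoice:
    # Trusts the client-supplied id and never checks ownership, so any
    # authenticated user can read any invoice just by changing the id.
    return INVOICES[invoice_id]


def get_invoice_fixed(session_user_id: int, invoice_id: int) -> Invoice:
    # Look the object up, then compare its owner against the server-side
    # session user, never against anything the client sent in the request.
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice.owner_id != session_user_id:
        # One response for "missing" and "not yours", so ids leak nothing.
        raise Forbidden(f"invoice {invoice_id} not available to user {session_user_id}")
    return invoice


def cross_user_read_allowed(handler, session_user_id: int, invoice_id: int) -> bool:
    """Regression check: True if `handler` lets session_user_id read an
    invoice owned by someone else (i.e. the endpoint has an IDOR)."""
    try:
        invoice = handler(session_user_id, invoice_id)
    except (Forbidden, KeyError):
        return False
    return invoice.owner_id != session_user_id
```

Run `cross_user_read_allowed` against every object-returning endpoint in a test suite so a later refactor that drops the ownership check fails CI instead of shipping.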
All music from Epidemic sound,
All gifs from Giphy
All your base are belong to us.
We want to work for you