A Practical Introduction to OSS Bug Hunting

Aiming to get my first CVE ID in 30 days

This book is a systematic and practical introductory guide to bug hunting, designed for those who have finished learning the basics of web security and are ready to achieve the real-world milestone of obtaining their first CVE ID.

morioka12

Minimum price

$9.99

$19.99

You pay

$19.99

Author earns

$15.99

PDF

EPUB

WEB

About

About the Book

While there are many learning resources and practice environments available, mastering them is often not enough to break through the barrier of finding vulnerabilities in real products and successfully securing a recognized CVE.

Focusing on open-source software (OSS) on GitHub, this book condenses the author's personal expertise into a 30-day roadmap. It covers everything from selecting target OSS and "search techniques" for finding vulnerabilities within vast amounts of source code, to "code review" for understanding implementations and the "reporting skills" required to have a vulnerability officially recognized.

Through this book, let's take your first step from being a mere "learner" to becoming a "bug hunter." I hope that in 30 days, your first CVE ID—with your name etched into history—will be issued.

Recommended People

Those who want to try obtaining a CVE ID
Those who are motivated and enthusiastic
Those interested in web security or bug hunting
Those interested in vulnerability assessment or penetration testing
Those who want to challenge themselves with bug bounties in the future

Three Key Features of This Book

"Living Knowledge" from an Active Bug Hunter
Practical Wisdom on "Thought Processes" and "Strategy
"Systematic" Coverage of the Entire Process

My hope is that this book serves as a catalyst for you to transition from being a mere "learner" to a "bug hunter" contributing to real-world security, resulting in the issuance of your very first CVE ID with your name engraved on it.

The suggested hashtag for this book is #OSSBugHunting

Share this book

Feedback

Email the Author

Author

About the Author

morioka12

Security Engineer & Bug Bounty Hunter (since 2020)

I work as a penetration tester at cybersecurity company in Japan.

Table of Contents

- 0.1. Getting Started
  - Purpose of This Book
  - An Invitation to the Real World
  - A 30-Day Intensive Roadmap
  - A Message from the Author
- 0.2. 30-day Roadmap
- 1.1. [Day 1-2] Orientation
  - Welcome to the World of Bug Hunting
  - Overview of CVE
  - Etiquette and Rules of Bug Hunting
  - Selecting a Target
- 1.2. The Process for Obtaining a CVE ID
  - The Five Steps
  - Five Actions from a Bug Hunter’s Perspective (Report → Acquisition)
  - The Key to Success: GitHub Security Advisories
- 1.3. The Secret to Target Selection
  - Target Types and Difficulty Levels
  - Selection Priority Checklist
  - Targets to Avoid
  - Finding Your Target OSS
- 1.4. Vulnerability Types and Characteristics by Target
  - About General Web Vulnerabilities
  - Characteristics by OSS Type
  - 1. CVE Examples: Web Applications
  - 2. CVE Examples: Libraries
  - 3. CVE Examples: Frameworks
  - Advice from the Author
- 2.1. [Day 3-4] Environment Construction and Tool Setup
  - OSS Environment Construction
  - Tool Setup
  - Summary of Recommended Tools
  - Advice from the Author
- 2.2. Tools and Debugging
  - Three Essential Tool Elements to Master
  - Main Uses of Tools
  - Overview of the Tool Workflow
  - Objectives of Debugging
  - Debugging Techniques
  - Benefits of Debugging Skills
  - Advice from the Author
- 3.1. [Day 5-10] Initial Investigation Phase
  - Understanding Specifications and Functions
  - Identifying Input Points
  - Intuition for Suspicious Areas (The Bug Hunter’s Scent)
  - Important Attacker Perspectives
- 3.2. Vulnerability Scent and Strategy
  - Characteristics by Target Type
  - Points for Intuition and Instinct
  - Turning Your Preferences into Strengths
  - Bypassing Security Controls
  - Advice from the Author
- 3.3. Taint Analysis in Practice
  - The Three Elements of Taint Analysis
  - Examples of Sink Lists by Language
  - Choosing Between Backwards and Forwards Approaches
  - Examples of Tracking Approaches
  - Standard Taint Analysis Workflow
  - Advice from the Author
- 3.4. Re-Examination of Past CVEs
  - Listing and Dissecting Past CVEs
  - Thinking Methodology: Devising “Bypass Techniques” from Fix PRs
  - Common Bypass Technique Examples
  - Mindset for Successful Bypassing
  - 3 Steps for Re-verification
  - Advice from the Author
- 3.5. Considering Attack Scenarios
  - The Five Ultimate Goals
  - Resolution of Attack Scenarios
  - Attack Scenario Examples
  - Advice from the Author
- 3.6. Multifaceted Perspectives and Note-Taking
  - Common Multifaceted Perspectives
  - Critical Thinking
  - Thinking Evolution: Connecting the Dots
  - Effective Note-Taking
  - Advice from the Author
- 4.1. [Day 11-20] Vulnerability Investigation Phase
  - The Hypothesis Verification Cycle
  - Common Verification Points
  - Core Verification Techniques
  - Preserving Evidence
  - Advice from the Author
- 4.2. Dynamic and Static Analysis in Practice
  - Dynamic Analysis
  - Static Analysis
  - Secure Code Reading
  - Grep Techniques
  - Deep Dive into Libraries
  - Strategies by Analysis Style
  - General Investigation Flow
  - Recommended Steps from the Author
- 4.3. AI Secure Code Review
  - Approaches to AI Code Review
  - Approaches to AI Secure Code Review
  - The Three Principles
  - Prompt Engineering Tips Examples
  - Three Mindsets for Working with AI
  - Advice from the Author
- 4.4. Threat Consideration and Proof
  - Proving the Value of a Vulnerability
  - The Boundary Between “Feature” and “Vulnerability”
  - Solidifying Decisive Evidence
  - Advice from the Author
- 5.1. [Day 21-25] Report Writing and Presentation
  - Report Entry Items
  - General Points
  - Points for Reproduction Steps
  - Points for Risk Assessment
  - CVSS Score
  - Follow-up After Reporting
  - Advice from the Author
- 5.2. Creating a Proper PoC
  - Why Provide a PoC?
  - 1. JavaScript PoC Using DevTools
  - 2. Python PoC Using the Terminal
  - Choosing the Right PoC Format
  - Important Considerations When Creating a PoC
  - Advice from the Author
- 5.3. CVE Reported Cases
  - 1. Improper Rate Limiting
  - 2. Blind SSRF
  - 3. SSTI to RCE
  - 4. SQL Injection
- 6.1. [Day 26-30] Fixing the Vulnerability and Obtaining a CVE
  - Verifying the Patch and Final Confirmation
  - CVE ID Issuance and Disclosure
  - Actions After Obtaining a CVE
  - Lessons from Failure
- 6.2. 30-day Review and Next Steps
  - Reviewing the 30 Days
  - Potential Next Steps
  - Differences Between OSS and Bug Bounty Programs
- 7. Conclusion
  - The 30-Day Challenge
  - To My Readers
  - Final Words: With Gratitude
  - Happy Bug Hunting!

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub