Finding Your First Bug: Business Logic Errors

Correction: at 30:55 I launched intruder to just get errors back, however, this was because my JSON payloads were not legal JSON. I had missed a comma in Intruder. Thank you to FrenchPirate83 for finding that error.

Hi everyone, welcome to the first video in my new series, "Finding Your First Bug". In this series I'm going to go over some good first bugs: explain what they are, how to find them, show some examples of real bugs in the wild that paid out, and finally do a practical example with Burp on a real target.

In this video, we'll be discussing Business Logic Errors, a type of bug that targets the logic of a website or app rather than the technical implementation.

0:00 - Theory: what is a business logic error/how to find them
7:09 - Case studies: 8 examples of business logic bugs by complexity
21:28 - Practical Burp: Looking at Flurry, an app in scope on the Verizon Media public program

Comments

this is pure gold info for the starters like me. and it's inspiring! thank you so much for your efforts and yes we would like to see more like these videos!

tayfun

Just getting started in this field and found your playlist for "Finding Your First Bug" this is a mine of knowledge for me.
Thanks for amazing videos.

snoopysaurav

Incredible content. I have done a lot of courses about web, reverse, hacking, passed certifications, but this is REAL hands-on cases! I love it ! Thanks a lot InsiderPhD <3

sarahconnorh

I am going to start taking notes from your videos. This is gold..!!! god bless you.

tirtheshpawar

I still get back to these awesome super informative videos ❤️

athtp

Thank you so Love being able to actually watch you try real stuff.

johnb

Wow, nice channel, I am just getting into bug bounties from malware lol and I can see myself watching all your videos. I see you know STOK ha, love his videos as well :)

www

Thanks for that well explanation Katie!

ricardotech

Can’t express how beneficial these videos have been in my goal of becoming a sound hacker. This is what the hacking community is all about!

PlentyRude

Absolutely loved it!!!
Got so much to learn!!
Thank you so much ❤️

pranavbankoti

man, u r such a good teacher... I mean when I first started to read about business logic error I didn't understand a thing but after watching ur video I actually tried n got results...thank u so much for doing this amazing work I really appreciate it

arshmansuri

I am here for the cyber mentor recommendation, I came looking for copper and I found gold

franklinramirez

Keep up the great work man, love your videos. I’ve been doing web app pen testing before bug bounties existed and fell out of the scene now I’m getting back into it and videos like these are helpful to update me on new theories and concepts. Keep posting!

sergiomedeiros

That's the kind that I've been looking for for a long time
So far I have not found bugs because I have relied on types like xss sqli csrf And I became a little frustrated
Thank you very much we hope to see more exciting things

borhangherbi

Thanks for sharing such gold stuff! Really appreciate your efforts :)

keerahere

We all know InsiderPhd scores on business logic errors. She has really explained it really well.

ronzz

your videos are so informative. thank you so much for this series :)

dalidasaad

Thank you for making these videos, you are actually one of the few people who go in depth on a "live" target and really go into steps.
Yes, sure, people use the vulnerable web app or OWASP test apps, but I don't really feel it's the same thing because they were made buggy.

So thank you for making these videos, I learned a lot :) !

ericcolt

Ma'am, happy teacher's day. Love from India. :) Awesome video!

dhruvkandpal

TBH this was the most helpful video of hacking I've ever seen on YouTube. I knew exactly what you were doing and the explaining was outstanding, thanks a lot!!! ....:)

zorfteq