Bug Bounty & Agile Pentesting Platform

Bug Bytes #213 – Hacking a Prison, XSS on steroids, CAIDO free for students and Bogus CVEs

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the week from September 25th to October 1st

Intigriti News

From my notebook

  1. Bug Bounty Stories (EP2): Hacking a Prison – NahamSec shows us why reading the javascript is important
  2. Bounty of an Insecure WebView (Part 1): XSS, but with Steroids – A fun XSS in a mobile apps WebView causes an interesting XSS vector
  3. CAIDO launches a student plan! – If you’re a student you can get CAIDO for free, simply email them proof of student status
  4. The bogus CVE problem [LWN.net] – While the CVE system is crucial for tracking vulnerabilities, not every entry is submitted in good faith
  5. Input Validation: Necessary but Not Sufficient; It Doesn’t Target the Fundamental Issue – Input validation is an important method for stopping some vulnerabilities, but that doesn’t mean it’s akkways the right choice!
Write Ups