Bug Bytes #193 – Top 10 Web Hacking Techniques for 2022, Confessions of the Community and Filter Evasion

By travisintigriti

February 22, 2023

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the weeks from February 13th to February 19th.


Intigriti News

From my notebook

This week we saw the release of the top 10 web hacking techniques for 2022. Something that jumped out at me is that they are either very technical and rely on you knowing a lot about how a piece of technology works, or very logical and require you to go through a lot of steps and break the flow. It’s cool to see OAuth take the top spot here; it’s always been a technology that a lot of developers implement, but flows can be complex so it’s often insecure! Other articles for this week include some different perspectives on Bug Bounty hunting with a triager, program manager and bug hunter, some fun news and views from Critical Thinking and a list of missing CVEs in nuclei templates in case you’d like to contribute to the community.

  1. Top 10 web hacking techniques of 2022 by PortSwigger!

  2. Weekly updated list of missing CVEs in nuclei templates official repository

  3. Confessions of a bug bounty program manager & Confessions of a top-ranked bug bounty hunter

  4. The View from the Other Side: A Security Analyst’s Perspective on Bug Bounty Triage

  5. Episode 7: PortSwigger Top 10, TruffleSecurity Drama, and More! (I also liked this one that I forgot to include last week! Episode 6: Mobile Hacking Attack Vectors with Teknogeek (Joel Margolis))

Other Amazing Things
