bugbounty hacking pentesting



From the site: "Manually testing for DOM-based XSS arising from URL parameters involves a similar process: placing some simple unique input in the parameter, using the browser's developer tools to search the DOM for this input, and testing each location to determine whether it is exploitable."

Quote from this article:


"To ensure you operate effectively, define how much time you’re willing to spend on each of the stages from 1 to 5. Stage 4 is the most interesting and the stage we’re always the keenest to get stuck in to but stages 1-3 are where we actually find the bugs. Unless we know what we’re testing we can’t test it effectively. Generic vulnerabilities from automated testing tools will almost always be detected by either the developers or someone else before you get to it. You’ll make the most money by targeting the areas that nobody else is thinking of. This is why your research phases are so important. If you want to find new bugs you must do new things."

Important questions:

What are they running? Have you read about that?, if not do.

Methodology to follow (OWASP Testing Guide v4):