appsec.fyi

A somewhat curated list of links to various topics in application security.

Bug Bounty

Remote Code Execution explained with real life bug bounty reports
Security Tools
Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018)
Bug Bounty Hunting Tips #4 — Develop a Process and Follow It
Samesite by Default and What It Means for Bug Bounty Hunters
@Th3G3nt3lman Shares His Recon Methodology and How He Consistently Collects $15,000 Bounties!
quiver
sehno/Bug-bounty
Bug Bounty Toolkit
Bug Bounty
The Hitchhiker’s Guide to Bug Bounty Hunting Throughout the Galaxy.
The need for note making and an organized methodology in Bug Bounty Hunting
Hunting Good Bugs with only
nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters
Bug Hunting Journey of 2019
Bug Bounty Playbook
Bug Bounty
How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes
dsopas/assessment-mindset
bounty-targets-data
Understanding the full potential of sqlmap during bug bounty hunting
amass — Automated Attack Surface Mapping
Pro tips for bug bounty
The complete story of how I got started into bug bounties and how you could get started already
jobertabma/relative-url-extractor
nahamsec/JSParser
How a Scottish schoolboy who failed computing became one of the richest 'ethical hackers'
bountyplz – automated security reporting from markdown templates
EdOverflow/bugbounty-cheatsheet
ZephrFish/BugBountyTemplates
Bounty Report Generator
File Upload XSS
Bug Bounty Hunting (Methodology, Toolkit, Tips & Tricks, Blogs)
Bug Hunting Methodology (part-1)
All Bug Bounty POC write ups by Security Researchers.
List of bug bounty writeups
Bug Bounty Reference
List of bug bounty writeups
Collaborate and work with other security researchers on bug bounties
The Bugs Are Out There, Hiding in Plain Sight
Bug Hunting Methodology from an Average Bug Hunter
Finding Hidden API Keys & How to use them
BugBountyNotes
BUG BOUNTY FORUM
Cookie worth a fortune
Automated monitoring of subdomains for fun and profit
So you want to be a web security researcher?
What I have learn in my first month of Hacking and Bug Bounty?
Awesome Penetration Testing
Bug Hunting Methodology(Part-2)
Spokeo Bug bounty Experience
Bug Bounty Guide
Source code disclosure via exposed .git folder
DomLink — Automating domain discovery