appsec.fyi

A somewhat curated list of links to various topics in application security.

Bug Bounty

Conference notes: The Bug Hunters Methodology v3(ish) (LevelUp 0x02 / 2018)

Bug Bounty Hunting Tips #4 — Develop a Process and Follow It

Samesite by Default and What It Means for Bug Bounty Hunters

@Th3G3nt3lman Shares His Recon Methodology and How He Consistently Collects $15,000 Bounties!

quiver

sehno/Bug-bounty

Bug Bounty Toolkit

Bug Bounty

The Hitchhiker’s Guide to Bug Bounty Hunting Throughout the Galaxy.

The need for note making and an organized methodology in Bug Bounty Hunting

Hunting Good Bugs with only <HTML>

nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters

Bug Hunting Journey of 2019

Bug Bounty Playbook

Bug Bounty

How To Setup an Automated Sub-domain Takeover Scanner for All Bug Bounty Programs in 5 Minutes

dsopas/assessment-mindset

bounty-targets-data

Understanding the full potential of sqlmap during bug bounty hunting

amass — Automated Attack Surface Mapping

Pro tips for bug bounty

The complete story of how I got started into bug bounties and how you could get started already

jobertabma/relative-url-extractor

nahamsec/JSParser

How a Scottish schoolboy who failed computing became one of the richest 'ethical hackers'

bountyplz – automated security reporting from markdown templates

EdOverflow/bugbounty-cheatsheet

ZephrFish/BugBountyTemplates

Bounty Report Generator

File Upload XSS

Bug Bounty Hunting (Methodology, Toolkit, Tips & Tricks, Blogs)

Bug Hunting Methodology (part-1)

All Bug Bounty POC write ups by Security Researchers.

List of bug bounty writeups

ngalongc/bug-bounty-reference

List of bug bounty writeups

Collaborate and work with other security researchers on bug bounties

The Bugs Are Out There, Hiding in Plain Sight

Bug Hunting Methodology from an Average Bug Hunter

Finding Hidden API Keys & How to use them

BugBountyNotes

BUG BOUNTY FORUM

Cookie worth a fortune

Automated monitoring of subdomains for fun and profit

So you want to be a web security researcher?

What I have learn in my first month of Hacking and Bug Bounty?

Awesome Penetration Testing

Bug Hunting Methodology(Part-2)

Spokeo Bug bounty Experience

Bug Bounty Guide

Source code disclosure via exposed .git folder

DomLink — Automating domain discovery