
Category: Hacking


My bug bounty methodology and how I approach a target

April 22, 2021 by thehackerish

Last time, I showed you the best resources I use to stay up to date in bug bounty hunting. Today, I will share with you my bug bounty methodology when I approach a target for the first time. This is going to be divided into several sections. First, I will show how I choose a …


The top 9 bug bounty resources to stay up to date

April 22, 2021 by thehackerish

In this episode, we will explore the best bug bounty resources and how you can properly use them to efficiently stay up to date. Some are robust resources provided by the bug bounty platforms and the community. Others are general websites which you can customize to fit your bug bounty needs.


Bug bounty burnout and your mental health

April 22, 2021 by thehackerish

Last time, we gained a bird’s eye view of the landscape of bug bounties. We concluded that they have many benefits, but can also lead to bug bounty burnout. Today, we explore what causes burnout and suggest ways to heal from it and preserve your mental health while still doing what you’re passionate about: Hacking! As …


OWASP Top 10: The Ultimate Guide

April 22, 2021 by thehackerish

If you are here, chances are that you want to learn web application security or the OWASP Top 10, but you don’t know where to start. Well, let me tell you that you came to the right place. I’m a penetration tester who enjoys breaking into my clients’ infrastructure and web applications. Besides, I train …


Insecure Deserialization explained with examples

April 22, 2021 by thehackerish

Hello ethical hackers and welcome to this new episode of the OWASP Top 10 vulnerabilities series. In this blog post, you will learn about the Insecure Deserialization vulnerability. The plan is as follows: Insecure deserialization definition: This is where you will learn the key terminologies and concepts behind this vulnerability. Examples of insecure deserialization in different programming languages: …


OWASP Security misconfiguration explained

April 22, 2021 by thehackerish

Hello dear readers and welcome to this new OWASP Top 10 vulnerabilities episode. Today’s article is about Security misconfiguration. You will learn about one of the most impactful vulnerabilities, which some bug bounty hunters specialize in. Yet, many security testers overlook it. We will explore the following points: Define Security misconfiguration: First, we need to start …


IDOR explained – OWASP Top 10 vulnerabilities

April 22, 2021 by thehackerish

Hello ethical hackers and welcome to this new episode of the OWASP Top 10 vulnerabilities series. In this blog post, you will learn all aspects of the IDOR vulnerability. You will start with the basics and gradually build your knowledge. When you finish reading this article, you will have a solid understanding of IDOR. Besides, …


XXE explained – OWASP Top 10 vulnerabilities

April 22, 2021 by thehackerish

Welcome to this new episode of the OWASP Top 10 vulnerabilities series. Today, you will learn everything related to XXE. This blog post will explain the theory with some examples. By the end, you will be ready to tackle XXE in practice. Don’t forget to subscribe to the Friday newsletter to kickstart your Some key XXE …


XXE tutorial in practice – OWASP Top 10 training

April 22, 2021 by thehackerish

Hello and welcome to this OWASP Top 10 training series. Today, you will practice XXE injection on OWASP WebGoat. By the end of this XXE tutorial, you will achieve the following goals: exploit XXE to read internal files from the vulnerable server; pivot from XXE to SSRF; exploit a blind XXE; perform the Billion laughs …


How to install OWASP Juice Shop – OWASP Top 10 training

April 22, 2021 by thehackerish

Welcome back to the OWASP Top 10 training series. Today, we are going to install OWASP Juice Shop using both Heroku and Docker. This is the last step in our OWASP Top 10 lab setup. Last time, we installed OWASP WebGoat. I’ve chosen to add it in this application so that we can experiment with …

