#65

4 DOs and DON’Ts for writing quality reports

None of us manual hackers has an infinite number of bugs to report. Sometimes, we need a few hours to find a bug but at other times, we need days or weeks. So when we finally have it, it would be stupid to write a poor report and get a bounty lower than we deserve....

Caido catching more traction

For a long time, Burp suite was basically the HTTP proxy that everyone was using despite numerous problems that we have had with it. However, Burp’s competitor - Caido is getting more and more traction recently and is getting more people onboard. I’m happy to see it...

Bounty of an Insecure WebView: XSS, but with Steroids

I get regularly asked about mobile bugs in bug bounty. I often say that many bugs regarding, for example, mobile storage that I reported during pentests, are not severe enough to qualify for a bounty. There are, however, bug classes that are definitely worth looking...