By Luke Stephens, Apr 9, 2021. How to Succeed in Bug Bounties as a Pentester - TL;DR: As a pentester, when I first started bug bounties, it was hard. I had to change my hacking style to start earning decent money. Read on to find out exactly what changed. When I first started bug bounties, I…
By Luke Stephens, Apr 2, 2021. Is Foundational Knowledge (Networking, Coding, Linux) Really That Important When Learning to Hack? - I receive a lot of messages from people who are just starting out on their hacking journey. One of the most common questions that gets asked is "what prerequisite knowledge is required to start learning hacking?". This question comes in…
By Luke Stephens, Mar 24, 2021. The Ultimate Guide to Finding and Escalating XSS Bugs - What is XSS? Cross-Site Scripting (XSS) is the most common vulnerability discovered on web applications. It occurs when an attacker is able to execute client-side JavaScript in another user's browser. XSS is a very interesting and dynamic bug class for…
By Luke Stephens, Mar 12, 2021. How to Regex: A Practical Guide to Regular Expressions (Regex) for Hackers - Regular Expressions (a.k.a. regex, or regexp) are one of those things that have a fairly steep learning curve, but once you dedicate an hour or so to learning the basics, you will find that you will be far more efficient…
By Luke Stephens, Mar 10, 2021. Introducing: Bugcrowd Tip Jar - Currently one of the best* sources of Bug Bounty resources is Twitter. That's why we've started tweeting more tips and techniques to educate our researchers. The thing is, Twitter is 10% laughs, 10% education and 80% cat memez. It's an…
By Luke Stephens, Feb 18, 2021. How to Find XXE Bugs: Severe, Missed and Misunderstood - Introduction: Every time I see an opportunity to attempt an External Entity Injection (XXE) attack I get excited. In my experience it has a high chance of success when compared to many other vulnerability types. Many of the XXE exploitation…
By Luke Stephens, Feb 5, 2021. The 10 Most Common Bugs of 2021 So Far, and How to Find Them! - We're a whole month into 2021 already - and what a month it has been! Something that I always find fascinating is keeping an eye on the most common bug classes that get submitted through our platform. I think that…
By Luke Stephens, Oct 27, 2020. Spooky Bug! - BOO! 👻 If you haven't noticed, the Bugcrowd logo kind of looks like a jack-o'-lantern 🎃, which is really convenient because it's almost Halloween. It's going to be a great Halloween, I can feel it in my bones 🦴…
By Luke Stephens, Oct 14, 2020. What Vuln Scanners Miss in API Testing - Luke Stephens is a father, husband, hacker, pen tester, and full-time Application Security Engineer and Quality Assurance Training Manager at Bugcrowd. APIs are the interface between an organization's most sensitive data and the end-user. And they're everywhere. The last decade…
By Luke Stephens, Oct 7, 2020. These Are the Bugs You Should Look for in Late 2020 - I have a pretty sweet job 😎. I get to read bug bounty submissions that blow my mind. I spend a considerable amount of time each day gathering my jaw from my office desk after reading about some face-melter P1s.…