Posts

Showing posts from 2017

Ethical Hacking Resource

Books:
Tangle Web Security Guide
Web Hacking 101
The Basics of Web Hacking: Tools and Techniques to Attack the Web
Learning Pentesting Android Devices
Android Hacker’s Handbook
Learning IOS Pentesting
Practical IOT Security
Burp Suite Tool Attack Approach
Essential of Burp Suite

Browser Plugins:
Chrome: http://resources.infosecinstitute.com/19-extensions-to-turn-google-chrome-into-penetration-testing-tool/
Firefox: http://resources.infosecinstitute.com/use-firefox-browser-as-a-penetration-testing-tool-with-these-add-ons/

Tools:
https://bugbountyforum.com/tools/
https://forum.bugcrowd.com/t/researcher-resources-tools/167

Bug Bounty References:
https://github.com/ngalongc/bug-bounty-reference
https://github.com/Hack-with-Github/Awesome-Hacking

Payloads:
fuzzdb — https://github.com/fuzzdb-project/fuzzdb
SecLists — https://github.com/danielmiessler/SecLists
NickSanzotta — https://github.com/NickSanzotta/BurpIntruder

10 Rules of Bug Bounty

1. Targeting the Bug Bounty Program
How long do you target the program? If the answer is just a few hours or a night, then that is where you are going wrong. Bug hunting is a matter of skill and luck. Spending just a few hours on a program could be a waste, because those bugs are mostly reported already. You may end up getting depressed by duplicates, so I would suggest choosing a program and spending at least a week on it. Big bugs take time. Take your time to understand the functionality of the application. Keep writing notes and keep track of suspicious endpoints, because you are not going to earn much for a known issue unless you are very early to report. If you find out about a public program 10/12 hours after its launch, don’t waste your time looking for known issues or low-hanging fruit. Just take a deep dive into the application.

2. How do you Approach the Target?
If the answer is just by signing up at the target and checking for vulnerabilities like CSRF, XSS, subdomains etc., then this cou

How I find Cross Site Script in THE HINDU website

I felt happy when I found the Cross Site Scripting vulnerability in The Hindu newspaper website, which is the most leading newspaper in India. It is my pleasure that I helped them as a White Hat Web Application Security Researcher. This is my first finding.

About The Hindu
The Hindu is an English-language Indian daily newspaper. Headquartered at Chennai, The Hindu was published weekly when it was launched in 1878, and started publishing daily in 1889. It is the second most circulated English-language newspaper in India, with average qualifying sales of 1.45 million copies as of Jan−Jun 2016. The Hindu has its largest base of circulation in southern India, and is the most widely read English daily newspaper in Andhra Pradesh, Tamil Nadu and Kerala, Telangana, Karnataka.

It is my honor that I helped The Hindu. Here is a Proof of Concept of Cross Site Scripting Vulnerability in thehindu.co