# Resources-for-Beginner-Bug-Bounty-Hunters

## Vulnerabilities 💉
Compact descriptions of common vulnerability types with links to useful resources. 
### Online Resources
- [Owasp Top 10](https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project)
- [OWASP Testing Guide v4](https://www.owasp.org/index.php/OWASP_Testing_Project)
- [Bug Bounty Cheat Sheets](https://github.com/EdOverflow/bugbounty-cheatsheet) - by EdOverflow
---
## Cross-Site Scripting (XSS)
As we start to build this repository, we'll be adding more vulnerability types and resources for each one. XSS is a great place to start as it's one of the most popular and easiest vulnerabilities to find in a web application.

- [Hacker101](https://www.hacker101.com/sessions/xss)
- [OWASP XSS](https://www.owasp.org/index.php/Cross-site_Scripting_(XSS))
- [A comprehensive tutorial on cross-site scripting](https://excess-xss.com)
- [Google Application Security (XSS Guide)](https://www.google.com/intl/am_AD/about/appsecurity/learning/xss/)
- [What is PHP and why is XSS so common there?](https://www.youtube.com/watch?v=Q2mGcbkX550) - by LiveOverflow
- [Finding Your First Bug: Cross Site Scripting (XSS)](https://www.youtube.com/watch?v=IWbmP0Z-yQg) - by InsiderPhD
- [The 7 main XSS cases everyone should know](https://brutelogic.com.br/blog/the-7-main-xss-cases-everyone-should-know/) - [brutelogic](https://brutelogic.com.br/blog/about/)

## Cross-Site Request Forgery (CSRF)
- [Cross-Site Request Forgery Attack](https://www.youtube.com/watch?v=eWEgUcHPle0) - by PwnFunction

## XML External Entities (XXE)
- [XML External Entities ft. JohnHammond](https://www.youtube.com/watch?v=gjm6VHZa_8s) - by PwnFunction
## Insecure Direct Object Reference (IDOR)
- [Insecure Direct Object Reference Vulnerability](https://www.youtube.com/watch?v=rloqMGcPMkI) - by PwnFunction
- [Finding Your First Bug: Manual IDOR Hunting](https://www.youtube.com/watch?v=gINAtzdccts) - by Insider PhD
- [Burp Suite tutorial: IDOR vulnerability automation using Autorize and AutoRepeater (bug bounty)](https://www.youtube.com/watch?v=3K1-a7dnA60) - by STÖK & Fisher
## Open Redirect
- [Open Redirect Vulnerability](https://www.youtube.com/watch?v=4Jk_I-cw4WE) - by PwnFunction
## HTTP Parameter Pollution
- [HTTP Parameter Pollution Attacks](https://www.youtube.com/watch?v=QVZBl8yxVX0) - by PwnFunction
## Logic Errors
- [Finding Your First Bug: Business Logic Errors](https://www.youtube.com/watch?v=RobCqW2KwGs) - by InsiderPhD
## Remote Code Execution
- [Finding Your First Bug: Goal Setting / Remote Code Execution (RCE)](https://www.youtube.com/watch?v=5BTvTE3gEq8) - by InsiderPhD
---
back to [Intro Page](/README.md)