Bug Bounty Arsenal and Skills | Bug Bounty Hunting with Owasp Zap

Bug Bounty Arsenal and Training

Swiss knife: Zed Attack Proxy

In order to be able to automate our discovery process, we need a couple of tools that help us to monitor and analyze the entire communication between the web application and our browser. We need to target manipulation of the client ‘request’ and be able to understand the ‘response’ of the web server . This process can be complete seen by a Proxy, which acts as an intermediary between the client (our browser) and the web server hosting the application. ZAP is indeed a proxy application, that allows us to see the entire communication between the client (browser) and the web server. ZAP goes beyond that, it allow us to manipulate the entire request before is send to the web server.

ZAP is part of the OWASP projects and is one of the most actively maintained. Its creator Simon Bennetts works at Mozilla as a Security Engineer.

There are different commercial and open source tools that do the same, however ZAP as an open source tool, is free and it has some incredible features that allows us to automate the entire process and discover bugs more quickly.

ZAP has a great documentation and is very easy to install. Please refer to ZAP’s website: for download and installation.</br> Zap

The Bugs: Top Ten Vulnerabilities

The first step into bug hunting is to master the skill of identifying and understanding the top web vulnerabilities. Most bounty programs pay researchers and hackers to find them. Neal Poole was a bug hunter before he joined Facebook as security engineer. He has a quite impressive record hunting bugs for companies like Google, Yahoo and Facebook. With bug hunting , not only you get some money but you can also get a new job!

Which are the top vulnerabilities? the OWASP top ten offers an excellent overview of which are these, but if you want to understand them much better, the OWASP testing guide explains in quite detail how to execute the tests and you will be able to see how these vulnerabilities look like.

If you are familiar with the top ten that’s a good start but is not enough. You need to deep dive into how vulnerabilities are found and how they behave. The easiest way to do this is by practicing in an already vulnerable application by default. For practicing and studying purpose there are some great vulnerable apps we strongly recommend.Take the OWASP testing guide along with this exercise and you will be a ninja hunter in no time.