"The best way to learn about hacking is by getting your hands dirty."
"Hacking is not always about finding a single vulnerability but combining several weaknesses of an application into something critical."
Bug bounty programs often fall somewhere on the spectrum between black box and gray box testing (Hacking APIs, 2022).
Bug bounty programs offer a structured yet flexible testing environment. Hunters have enough information to guide their efforts efficiently (gray box elements) while still working from an external perspective without full access to the internal workings of the application (black box elements).
Please follow the instructions in INSTALL.md.
- There are many labs for you to practice web application security.
- After creating an account or logging in, you can start practicing the labs in PortSwigger.
- Black Hat GraphQL by Nick Aleks and Dolev Farhi, 2023
- Hacking APIs by Corey Ball, 2022
- Bug Bounty Bootcamp by Vickie Li, 2021