The Bug Bounty Chronicles

Prasun RayPrasun Ray
2 min read

Table of contents

Introduction to web servers, web applications, and their configurations.

What is a "Web Server"
A web server is the core software/hardware that stores websites and facilitates the client-server communication required to view web pages over the internet. It acts as the gateway between a website's files and the World Wide Web.
Major web servers: Apache, Nginx, Microsoft IIS, and Google Web Server. Apache is one of the most widely used open-source web servers.
Types of Web Servers
A Web Server has been categorized into 3 major types: Static Web Server, Dynamic Web Server, and Content Management Systems (CMS).
A Web Server Configurations
A Web Server must contain the website's files, namely all HTML documents and their related assets, including images, CSS stylesheets, JavaScript files, fonts, and videos. It must have the following services installed in it... APACHE PHP PHPMyAdmin MySQL FTP SSH
A Web Application
A Web Application is an application software that runs on a web server. It includes online forms, shopping carts, word processors, spreadsheets, video and photo editing, file conversion, file scanning, and email programs such as Gmail, Yahoo, and AOL. Popular applications include Google Apps and Microsoft 365.
Web Application Configuration
Let’s setup & configure some vulnerable Web Applications as at: DVWA BWAPP MUTTILDAE SQLILAB
What is Bug Bounty
A Bug Bounty program is a deal offered by many websites, organizations, and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those about security exploits and vulnerabilities.

Platforms where you can hunt for the “bugs”:

Web Security Assessment(Vulnerability Assessment)

Web Security Assessment(Penetration Testing)

OWASP Top 10 and Common Vulnerabilities

OWASP or the Open Web Application Security Project is an international non-profit organization dedicated to web application security.

  • The OWASP Top 10 is a regularly updated report outlining security concerns for web application security, focusing on the 10 most critical risks.

  • OWASP refers to the Top 10 as an ‘awareness document’ and thus all companies incorporate the report into their processes in order to minimize and/or mitigate security risks.

OWASP Top 10

  1. Broken access control

  2. Cryptographic failures

  3. Injection.

  4. Insecure design.

  5. Security misconfiguration.

  6. Vulnerable and outdated components.

  7. Identification and authentication failures.

  8. Software and data integrity failures.

  9. Security logging and monitoring failures.

  10. Server-side request forgery

for more information about the top 10 OWASP visit --> OWASP<2021>

11
Subscribe to my newsletter

Read articles from Prasun Ray directly inside your inbox. Subscribe to the newsletter, and don't miss out.

bugbountyEthical HackingBurpsuite hacking tools

Written by

Prasun Ray
Prasun Ray