apt.txt
#############################
# ABOUT PENETRATION TESTING #
#############################
Websites for bug bounty or bug hunters:
https://hackerone.com (me : https://hackerone.com/microclone-hacktivist)
https://www.bugcrowd.com
https://www.redstorm.io
https://www.antihack.me
https://www.cyberarmy.id
Tools for bug hunters:
BurpSuite, OWASP ZAP, Dirsearch, XSStrike, KNOXSS, XSS Hunter, Metasploit, Sublist3r, Aquatone, sqlmap, RED_HAWK, Acunetix, Netsparker, Wireshark, nmap, SET, PentestBox, PuTTY, BeEF, JTR, Kali Linux OS, ParrotSec OS
People I know as pentesters:
- Robin (rootbakar___)
- Tomi (n00bSec)
- Putra Aji Adhari
- apapedulimu
- Eka Syahwan
- Santiago Lopez hacker from Argentina
- todayisnew (Eric)
Learn OWASP
Programming languages
CWE
Bug types:
Remote Code Execution
SQL Injection
Cross Site Scripting
XSS DOM
XSS Generic
XSS Reflected
XSS Stored
Open Redirect
Command Injection
Code Injection
Server-Side Request Forgery (SSRF)
CSRF (Cross-Site Request Forgery)
Clickjacking
SQLi Without quotes
Array Index Underflow
Brute Force
Buffer Over-read
Buffer Under-read
Buffer Underflow
Business Logic Errors
CRLF Injection
Classic Buffer Overflow
Cleartext Storage of Sensitive Information
Cleartext Transmission of Sensitive Information
Client-Side Enforcement of Server-Side Security
Command Injection - Generic
Cryptographic Issues - Generic
Denial of Service (DoS or DDoS)
Deserialization of Untrusted Data
Double Free
Forced Browsing
HTTP Request Smuggling
HTTP Response Splitting
Heap Overflow
Improper Access Control - Generic
Improper Authentication - Generic
Improper Certificate Validation
Improper Following of a Certificate's Chain of Trust
Improper Neutralization of HTTP Headers for Scripting Syntax
Improper Null Termination
Inadequate Encryption Strength
Incorrect Calculation of Buffer Size
Information Disclosure
Information Exposure Through Debug Information
Information Exposure Through Directory Listing
Information Exposure Through an Error Message
Insecure Direct Object Reference (IDOR)
Insecure Storage of Sensitive Information
Insufficient Session Expiration
Insufficiently Protected Credentials
Integer Overflow
Integer Underflow
Key Exchange without Entity Authentication
LDAP Injection
Leftover Debug Code (Backdoor)
Malware
Man-in-the-Middle
Memory Corruption - Generic
Missing Encryption of Sensitive Data
Missing Required Cryptographic Step
NULL Pointer Dereference
OS Command Injection
Off-by-one Error
Out-of-bounds Read
Password in Configuration File
Path Traversal
Phishing
Plaintext Storage of a Password
Privacy Violation
Privilege Escalation
Reliance on Cookies without Validation and Integrity Checking in a Security Decision
Remote File Inclusion
Resource Injection
Reusing a Nonce, Key Pair in Encryption
Reversible One-Way Hash
Security Through Obscurity
Session Fixation
Stack Overflow
Storing Passwords in a Recoverable Format
Type Confusion
UI Redressing (Clickjacking)
Unprotected Transport of Credentials
Unverified Password Change
Use After Free
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Use of Externally-Controlled Format String
Use of Hard-coded Credentials
Use of Hard-coded Cryptographic Key
Use of Hard-coded Password
Use of Inherently Dangerous Function
Use of Insufficiently Random Values
Use of a Broken or Risky Cryptographic Algorithm
Use of a Key Past its Expiration Date
Violation of Secure Design Principles
Weak Cryptography for Passwords
Weak Password Recovery Mechanism for Forgotten Password
Wrap-around Error
Write-what-where Condition
XML Entity Expansion
XML External Entities (XXE)
XML Injection