Become a BugBountyHunter

Practise hacking against a fully functioning website containing real-life bug bounty findings recreated for you to discover. There are over 50 vulnerabilities, with more being added regularly! Can you find them all?

Get in the hacker mindset and put your knowledge & skills to the test.

"I don't do a lot of CTF etc... due to the lack of realism but on this platform, the bugs are quite varied AND in a realistic environment, that's exactly what I'm looking for. I think this site is a good sequel for those who start on PortSwigger WebSecurity and / or TryHackMe."

Jimi Bloggs Current #1 BugBountyHunter Barker Hacker, Jomar

Learning the mindset

Dubbed "BARKER", this website functions just like a real website, except that it contains real findings from bug bounty programs, recreated for you to discover. "BARKER" is designed to put your knowledge & skills to the test: you hunt blindly for functionality and features and are required to understand what is happening, rather than being told "there is XSS here, can you bypass the filter?".

Find the features, understand how things work and then use your knowledge to discover vulnerabilities, true hacker style!

Learn how to identify vulnerabilities in websites with ease and understand more about application/business logic issues.

Sharing is caring

Your reports will be triaged by @zseano personally, and help & feedback will be provided to aid you in your hacker journey. Once your report has been validated and accepted, you are free to share your writeup with other users of the platform because, as always, sharing is caring.

With 40+ vulnerabilities (and more added regularly!) to discover, and given that every hacker has their own approach, we want you to show off your findings proudly without fear of No Disclosure Agreements or harsh punishments from bug bounty platforms.


Included
zseano's methodology

zseano's methodology is designed to be an easy-to-follow flow/checklist to help with identifying security vulnerabilities in web applications. Most people, when starting in bug bounties, will jump from program to program looking for anything they can. However, focusing on one program and learning as much as you can about its scope & features will usually result in more bugs being discovered.

The guide contains a complete run-down of how zseano approaches hacking on web applications & how he applies this on bug bounty programs, including how to choose the right programs! From the very start with what he does when choosing a program, all the way to the end of what you should be aiming to automate to aid you in your hunting.

From simply testing websites as they were intended to be used, zseano has managed to find over 800 unique security vulnerabilities affecting web applications, with 500+ vulnerabilities discovered just on TripAdvisor.

zseano even received recognition in 2018 from the Amazon.com Information Security Organisation for his security research work. The team over at Amazon, dubbed 'Project KIT' (Knights in Trust), are extremely friendly to work with and we recommend checking them out over at https://www.hackerone.com/amazonvrp

"The methodology has certainly made me think about the way I look at applications myself. It has helped me think better before starting an audit. What I still have trouble with is taking notes, I want to work on that even more. So far I am still too negligent about that. In any case, the methodology has given me an idea of how to tackle this. The way it is written is very accessible. Compared to other books on the same subject, the use of language is more in colloquialism than in technical writing. That is nice for a non-native English speaker like myself."