I have helped Amazon's Information Security Organisation through their vulnerability disclosure program and bug bounty program for a number of years, from when they first started on Bugcrowd (they have since joined HackerOne), and received recognition from them in 2018 for my research efforts.
It was also thanks to their great program that I met Jonathan Bouman, and we have since collaborated together and managed to uncover even more vulnerabilities. I'm grateful to have met such an amazing, talented hacker whilst making a friend for life.
zseano's methodology is aimed at using the site as intended. Over time, when you are faced with a feature or a certain parameter, you'll understand what you should be looking for in that specific area, rather than spraying payloads and hoping for the best. For example, a lot of people simply register and log in and then begin testing, usually because they are looking for one type of vulnerability (XSS), but this means they're missing out on the login and register flow, which may be vulnerable to something such as an OAuth token leak.
Hack for features and go through the site piece by piece, understanding how it works, parameters used, features available, and as you gain experience and time passes it'll become like second nature to you. The more you stick to one program, the more you learn and soon it'll feel like you know more about a site than the developers!
You will receive a signed hard copy of zseano's methodology to the address supplied when purchasing. Please note that shipping will begin from 15th January 2021 and will include tracking. The cover will be the one shown above as the limited edition bugbountyhunter is for level 3 members only.
BARKER is a fully functional web application containing real bugs found on bug bounty programs, recreated for you to discover! BARKER is designed to go with zseano's methodology as it gives you a playground to instantly practise what you're learning. You can get access to BARKER and zseano's methodology when joining BugBountyHunter.