Friday, July 27, 2018

What is the best way to learn how to bypass WAFs and/or sanitization checks?

So I've been getting into bug hunting, and I lack developer experience. Completely. I can understand bits and pieces of code, with arrays, objects and functions. But I can't even begin to understand how a snippet of code is vulnerable to not sanitizing user input. There's no real "course" or resources out there that help me understand this from an offensive side. I'm also curious about how certain bits of code work with escaping techniques. I know this is a fairly broad question and can be answered in many forms. But does anyone have suggestions on what I can do to help me get better at this? I just don't understand how there are top bug hunters out there that don't understand, nor know how to code, and how they find so many vulnerabilities. For me it's like you have to understand the code to be able to see what is weird or isn't right about it. I've been trying to get myself comfortable with learning how the page is HTML-encoding my payloads, and seeing what characters are allowed, and what aren't. But then again, with my lack of developer knowledge, I don't even know which payloads I should use for certain scenarios.

Any feedback would be greatly appreciated.



