Free courses from frontend to fullstack and AI
Learn AI, Data Science & Business — Earn Certificates That Get You Hired
Overview
AI, Data Science & Cloud Certificates from Google, IBM & Meta — 40% Off
One plan covers every Professional Certificate on Coursera. 40% off Coursera Plus Annual.
Unlock All Certificates
Explore a conference talk from #NahamCon2022 featuring @zseano, who demonstrates the process of discovering and exploiting a cross-site scripting (XSS) vulnerability on .apple.com. Learn about initial reconnaissance techniques, fuzzing for XSS, achieving a working exploit, and building a proof of concept to potentially leak personally identifiable information (PII). Follow along as the speaker walks through each step of the bug bounty process, from initial discovery to crafting a compelling report. Gain insights into the mindset and methodology of successful bug hunters, and discover how to approach high-profile targets like Apple's domain.
Syllabus
Intro
Initial Recon & starting to fuzz for XSS
Achieving XSS
Working XSS - now what?
Back to recon
Building a proof of concept
Bounty?
Taught by
NahamSec