Learn about identifying and exploiting Denial of Service (DoS) vulnerabilities in bug bounty programs through this DEF CON 32 conference talk. Gain insights into various DoS attack types including N+1 errors, GraphQL crashing, and Cache Poisoning while examining real-world examples of their impacts. Master practical techniques for vulnerability discovery using automated scanning tools and manual testing methods. Explore how N+1 errors create redundant database queries that impact performance, discover methods to craft resource-intensive GraphQL queries that can crash servers, and understand cache poisoning techniques that disrupt service delivery. Study best practices for responsible vulnerability reporting to bug bounty programs, learn from common failures in the process, and understand the importance of staying current with emerging DoS attack vectors and mitigation strategies.
Practical Exploitation of DoS in Bug Bounty Programs
Overview
Syllabus
DEF CON 32 - Practical Exploitation of DoS in Bug Bounty - Roni Lupin Carta
Taught by
DEFCONConference
Related Courses
-
The Darkest Side of Bug Bounty - Understanding Problems and Solutions in Bug Bounty Programs
-
Critical Vulnerabilities and Bug Bounty Programs
-
Reflections on a Decade in Bug Bounties - From Novice to Seasoned Hunter
-
Best Practices for Structuring Effective Bug Bounty Programs
-
Top War Stories from Bug Bounty Hunting - High-Severity Exploits and Discoveries
-
Exploiting the Unexploitable - Advanced JavaScript Vulnerability Chains in Kibana
