Slide 6
Some of the cool bugs that you should be focussing on are:
- OWASP Top 10 LLM Vulnerabilities: Prompt Injection, Data Leakage, Inadequate Sandboxing,
Unauthorised Code Execution, SSRF Vulnerabilities, Overreliance on LLM Content, Inadequate
AI Alignment, Insufficient Access Control, Improper Error Handling and Training Data Poisoning.
- Automation: Start learning basic scripting and set up a system, for instance of YAML-based tools,
for fuzzing vulnerabilities such as redirection attacks and injection attacks, as well as automating
your web-proxy tools for custom enumeration.
- Server-Side Bugs: These include the famous SSRF (as mentioned above), Sensitive
Information Disclosure through enumeration and exploitation, SSL-related bugs that can’t be
“completely” enumerated with the help of automated tools, as well as treating API and Web as a
single component while hunting for bugs.
COOL BUGS AND METHODOLOGY
Methodology: Approach each target with basic scan automation. First, work on parameter-based
issues (use paramspider + httpx), then move on to S.I.D (Sensitive Information Disclosure) issues
(use dirsearch / FFUF), then functionality testing and its ethical abuse (use the OWASP cheat sheet +
The Web Application Hacker's Handbook), next move on to fuzzing extended targets (use feroxbuster), and finally
start working on a manual approach to finding your favorite issues (use the OWASP cheat sheet), if there
are possibilities.