How to Find XSS on Modern Web Applications: A Bug Bounty Guide
Published: Feb 9, 2025
Tired of outdated XSS tutorials that don’t work on real bug bounty programs? In this video, we dive deep into finding Cross Site Scripting (XSS) vulnerabilities on modern web applications like those built with React. Learn how developers are building secure frontends and discover hands-on techniques to identify XSS vulnerabilities even in today’s hardened environments.
Whether you're a beginner in cybersecurity or an experienced bug hunter, this guide will help you refine your approach and stay ahead of the curve. 🚀
🔍 What You'll Learn:
How modern applications handle XSS
The basics of Cross Site Scripting and common attack vectors
How React secures applications by default
Hands-on examples of finding XSS vulnerabilities in React apps
Subscribe to Bugbounty With Marco for more cybersecurity insights!
My links:
👉 www.hackerone....
👉 / bugbountywithmarco
#BugBounty #Cybersecurity #XSS #WebSecurity #ReactJS #EthicalHacking
Thanks for the video
I’m learning so much from this community
I can’t wait to give back
Thanks! What topic would you like to see next?
@bugbountywithmarco SQL injections is what I’m on RUclips looking up now
Bro, great video, I truly love the pace… keep it up, man.
@poiuymnbvc8339 thanks!
Excellent video, I couldn't help noticing that you are Brazilian. I'm just starting out, still in search of my first bug
Happy studying, my friend!
Thanks, nice work. Keep going!
thanks!
Can you make a series for hunting xss?? Showing how to exploit xss in different ways
@poiuymnbvc8339 that’s something I wanted to do. I have some application that I developed myself that I can use for demonstration
Can you start a series in which you explain bugs which are not hunted by many hunters?
@SumitYadav-lr5vy of course! I have a scheduled video here about non-common vulnerabilities
Thanks, nice explanation
nice to know that! Is there any other vulnerability you would like to see in the perspective of a web software engineer?
I am just a beginner in this field, so I'm just learning from the internet: PortSwigger labs, RUclips, you, etc. Any help is appreciated
nice to know that, I’ll be posting about other bugs soon
Thanks
keep making more videos
thanks for the feedback. What topic would you like to see next?
Hey, I have noticed you reported many vulnerabilities on HackerOne. May I know what kind of vulnerabilities those are? Are those XSS, or what?
My top 3 most reported vulnerabilities are: business logic errors, IDOR, and Improper Access Control
@bugbountywithmarco oh thanks & interesting
So about doom xss
So as a beginner who just started bug bounty, what types of bugs would you recommend hunting for?
@SumitYadav-lr5vy I would suggest you start with one of these: IDOR, Business Logic Errors or Broken Authorization.
Especially business logic errors, which may not be as popular as the other ones.
@bugbountywithmarco can you recommend me some resources, because business logic errors don't have good resources?
@SumitYadav-lr5vy actually, to find a business logic error vulnerability you need to understand the business of the application you are testing.
For example: a dating app allows the user to send messages to another user only when they have a match. But what if the user can actually send messages to a person before the match?
@bugbountywithmarco it is like BAC-related issues
@SumitYadav-lr5vy a little similar issue
After watching this video I think it is not worth it to look for XSS, so which vulnerability should I learn apart from improper access control?
my next video will be about some different xss techniques, maybe it can help you
none of your social links are working btw
thanks for the tip. I believe this is happening because this channel was just created.
You can find the clickable links in my channel page though