// Prerequisites

What to read before Real-World Bug Hunting

If Real-World Bug Hunting feels too steep for a beginner, read these first: lighter books on the same topics that build the prerequisites it assumes.

  1. 01 · 2021

    Bug Bounty Bootcamp

    Vickie Li's pragmatic walk through the bug-bounty workflow, from picking a program and recon to reporting findings that actually pay out.

    Beginner
    4/5 · Vickie Li
  2. 02 · 2014

    Penetration Testing

    Georgia Weidman's lab-driven introduction to pentesting, walking the reader from setting up a target environment through scanning, exploitation, post-exploitation, and reporting.

    Beginner
    4/5 · Georgia Weidman
  3. 03 · 2020

    Web Security for Developers

    Malcolm McDonald's developer-side primer on the OWASP-class issues, framed around real attacks and defended with code patterns rather than vendor products.

    Beginner
    4/5 · Malcolm McDonald
  4. 04 · 2023

    Black Hat GraphQL

    Aleks and Farhi on attacking GraphQL specifically: introspection abuse, batching, depth and complexity attacks, auth flaws, and the differences from REST that make GraphQL pentests their own discipline.

    Intermediate
    4/5 · Nick Aleks, Dolev Farhi
  5. 05 · 2022

    Hacking APIs

    Corey Ball's structured approach to attacking REST and GraphQL APIs: enumeration, auth flaws, business logic, mass assignment, and the testing harness around them.

    Intermediate
    4/5 · Corey J. Ball
  6. 06 · 2011

    The Web Application Hacker's Handbook

    Stuttard and Pinto's exhaustive reference for web application pentesting; still the most comprehensive single volume, but its 2011 second edition predates much of the modern web stack and increasingly reads as a historical document.

    Intermediate
    4/5 · Dafydd Stuttard, Marcus Pinto
  7. 07 · 2014

    Countdown to Zero Day

    Kim Zetter's investigative reconstruction of Stuxnet, the joint US/Israeli operation that physically damaged Iranian uranium-enrichment centrifuges via a worm, and what its discovery revealed about state-level cyber capability.

    Beginner
    5/5 · Kim Zetter
  8. 08 · 2011

    Kingpin

    Kevin Poulsen's reconstruction of Max Butler's career — from white-hat consultant to running CardersMarket, the carding forum that consolidated the early-2000s underground — and the FBI investigation that finally took him down.

    Beginner
    5/5 · Kevin Poulsen