3 different types of methodologies for bug bounty on web application testing:
- owasp (open web application security project): There is no better reference guide than the OWASP Top 10 for web application testing. It ranks the ten most severe security weaknesses in web applications. Which helps for both red and blue teams as well as helping to improve internet security on a large scale by offering mitigation steps for each identified vulnerability.
Here are owasp top 10 vulnerabilities:
2. SANS (SysAdmin Audit Network and Security): SANS institute is a private U.S. for-profit company which is established in 1989. Sans is specialized in information security, cyber security, certifications. In cyber security there are different topics like cyber and network defenses, digital forensics, penetration testing and incident response.
Top 25 dangerous application vulnerabilities:
3. capec (common attack pattern enumeration and classification): The Common Attack Pattern Enumeration and Classification (CAPEC) “is a comprehensive dictionary and classification of different known attacks that can be used by analysts, developers, testers, and educators to advance community understanding and enhance defenses”
