Anyone here who works on this kind of deep-dive security research? Can you give a TLDR of how you usually set everything up to find these results?
As in, do you set up some sort of test environment/website with full debug logs and take it one step at a time from there? If so, how do you ensure that it is realistic and relevant to real-world use, since real-world architecture might differ from a setup that worked in your experiments?
I ask this because I used to do some bug bounties and it consisted of a lot of painful trial and error. I can't imagine anything new and profound can be found that way.
(PS in case it isn't obvious I didn't open up the research links and read in detail, hence a tldr)
I am a security researcher referenced in the winning web-hacking technique on that list ("Dependency Confusion" by Alex Birsan [1]) and was ranked 7th in Portswigger's 2019 issue [2,3]. My motto has always been "Learn to make it; then break it." In other words, I invest a lot of time familiarising myself with technologies and specifications before examining how their implementation might lead to security flaws. This process usually requires reading a lot of technical documentation and source code, and becoming acquainted with how organisations implement said technologies.
Once I feel comfortable with my understanding of the subject material, I start to think about how certain aspects of the technology could lead to security flaws or interesting areas of research. At times this may require out-of-the-box thinking or can even be the result of pure luck.
The "bug bounty" aspect of this all tends to come into play once I want to find case studies for my research.