SP
Uploaded byShreya Pohekar
PDF, PPTX818 views

Road map to getting your first cve

The document discusses the importance of CVEs (Common Vulnerabilities and Exposures) and provides a roadmap for identifying and reporting vulnerabilities. It emphasizes learning from reviewing source code, understanding different coding styles, and writing effective reports. The author shares insights about common vulnerabilities and the submission process for bug reports.

Embed presentation

Download as PDF, PPTX
FIND YOUR 1ST CVE Shreya Pohekar NULL AHEMDABAD
Who am I??? Chapter lead Infosec girls | Ex-lead Null bhopal About Me Developer Security Researcher I blog at shreyapohekar.com Follow me Twitter - @shreyapohekar LinkedIn - Shreya Pohekar https://codevigilant.com/author/shreya_pohekar/
CVE's in a nutshell Why have a CVE The standard roadmap Learnings ??? Vulnerabilities to look for while hunting Where to submit bugs Contents Topics to be covered Any interesting story from my findings- The benefits of having the source code
COMMON VULNERABILITIES AND EXPOSURES A number given to a vulnerability identified. WHO'S A CNA ? CVE numbering authority. CVSS ?? Common vulnerability scoring system. Helps identifying the criticality of the vuln found. CVE's in a nutshell https://codevigilant.com/author/shreya_pohekar/
Why should you have a CVE???
Choose a target just like you do in bugbounty Set the code locally Move from code to feature or feature to code Found a vulnerabiity? Create a report Submit The road map
Major Learings BECOME GOOD AT WEB PENTEST Explore different vulnerabilites around web. LEARN SOURCE CODE REVIEW Reading lots of code gives immense understanding of the application. Also, makes you capable in identifying the vulnerable code as you see it. LEARN TO WRITE GOOD CODE Reading code also exposes us to different coding styles and best practices. REPORT WRITING You learn about how to build a well-formated, correct report.
XSS - Reflected/ Stored SQLI - Try with lower privilege levels RCE - file uploads being common place to look to XXE and insecure deserialization Directory traversal and directory listings SSRF - Check everytime you get an URL input field Vulnerabilities to look for
Submit you bugs https://cve.mitre.org/cve/request_id.html
Bounties with CVEs https://huntr.dev/
Any interesting story from my findings & The benefits of having the source code handy HTTPS://SHREYAPOHEKAR.COM/BLOGS/DONT-JUST-SANITIZE-BUT- ALSO-ESCAPE-A-FABLE-OF-SANITIZE_TEXT_FIELD/
Road map to getting your first cve

More Related Content

PDF
Ceh v5 module 19 evading ids firewall and honeypot
byVi Tính Hoàng Nam
 
PDF
Phishing Website Detection by Machine Learning Techniques Presentation.pdf
byVaralakshmiKC
 
PDF
Responding to Cobalt Strike
byChristopher Gerritz
 
PPTX
Zap vs burp
byTomasz Fajks
 
PPT
C# Variables and Operators
bySunil OS
 
PDF
Introduction to burp suite
byUtkarsh Bhargava
 
PPTX
Thick client pentesting_the-hackers_meetup_version1.0pptx
byAnurag Srivastava
 
PPTX
Advantages And Disadvantages In Email And Blogs
byalexandra
 
Ceh v5 module 19 evading ids firewall and honeypot
byVi Tính Hoàng Nam
 
Phishing Website Detection by Machine Learning Techniques Presentation.pdf
byVaralakshmiKC
 
Responding to Cobalt Strike
byChristopher Gerritz
 
Zap vs burp
byTomasz Fajks
 
C# Variables and Operators
bySunil OS
 
Introduction to burp suite
byUtkarsh Bhargava
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
byAnurag Srivastava
 
Advantages And Disadvantages In Email And Blogs
byalexandra
 

What's hot

PDF
Red Team Methodology - A Naked Look
byJason Lang
 
PPTX
mobile application security
by-jyothish kumar sirigidi
 
PPTX
Reconnaissance and Social Engineering
byVarunjeet Singh Rekhi
 
PPT
Pentesting Using Burp Suite
byjasonhaddix
 
PDF
Ceh v5 module 20 buffer overflow
byVi Tính Hoàng Nam
 
PDF
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
byscoopnewsgroup
 
PDF
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
PPTX
Easiest way to start with Shell scripting
byAkshay Siwal
 
PDF
Send More with Less: How to Improve PowerMTA Efficiency
byPort25 Solutions
 
PPTX
Catch Me If You Can: PowerShell Red vs Blue
byWill Schroeder
 
PPTX
Function overloading
bySelvin Josy Bai Somu
 
PDF
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
byYoram Orzach
 
PPT
OWASP Top Ten
byChristian Heinrich
 
PPTX
Service Discovery using etcd, Consul and Kubernetes
bySreenivas Makam
 
PDF
Pentesting GraphQL Applications
byNeelu Tripathy
 
PPTX
Destributed denial of service attack ppt
byOECLIB Odisha Electronics Control Library
 
PPT
C programming language character set keywords constants variables data types
bySourav Ganguly
 
PPTX
Dom based xss
byLê Giáp
 
Red Team Methodology - A Naked Look
byJason Lang
 
mobile application security
by-jyothish kumar sirigidi
 
Reconnaissance and Social Engineering
byVarunjeet Singh Rekhi
 
Pentesting Using Burp Suite
byjasonhaddix
 
Ceh v5 module 20 buffer overflow
byVi Tính Hoàng Nam
 
FedScoop Public Sector Innovation Summit DOD Enterprise DevSecOps Initiative ...
byscoopnewsgroup
 
Building Advanced XSS Vectors
byRodolfo Assis (Brute)
 
Easiest way to start with Shell scripting
byAkshay Siwal
 
Send More with Less: How to Improve PowerMTA Efficiency
byPort25 Solutions
 
Catch Me If You Can: PowerShell Red vs Blue
byWill Schroeder
 
Function overloading
bySelvin Josy Bai Somu
 
Network analysis Using Wireshark Lesson 11: TCP and UDP Analysis
byYoram Orzach
 
OWASP Top Ten
byChristian Heinrich
 
Service Discovery using etcd, Consul and Kubernetes
bySreenivas Makam
 
Pentesting GraphQL Applications
byNeelu Tripathy
 
Destributed denial of service attack ppt
byOECLIB Odisha Electronics Control Library
 
C programming language character set keywords constants variables data types
bySourav Ganguly
 
Dom based xss
byLê Giáp
 

Similar to Road map to getting your first cve

PPSX
Ids 004 cve
byjyoti_lakhani
 
PPT
Common Vulnerabilities and Exposures details
bynizlin1
 
PDF
BNYMellon - CVE 101.pdf
byTheresa Mammarella
 
PPTX
CVE_vs_CWE_Lecture_Presentation 1234.pptx
bybilalaptech14
 
PDF
Life of a CVE
byYadnyawalkya Tale
 
PPTX
AusCERT 2016: CVE and alternatives
byDavid Jorm
 
PPTX
IISF-March2023.pptx
byEoin Keary
 
PDF
JavaZone 2023: CVE 101: A Developer's Guide to the World of Application Security
byTheresa Mammarella
 
PPTX
Cm5 secure code_training_1day_system configuration
bydcervigni
 
PPTX
How to assign a CVE to yourself?
byRamin Farajpour Cami
 
PDF
Cve trends 20170531
byKazuki Omo
 
PDF
CRA - overview of vulnerability handling
byOlle E Johansson
 
PDF
Verizon 2015 DBIR VM portion
byTawnia Beckwith
 
PPTX
Geecon 2017 Anatomy of Java Vulnerabilities
bySteve Poole
 
PPTX
Sailing Through The Storm of Kubernetes CVEs Meetup 29062023.pptx
bylior mazor
 
PPTX
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
byEndgameInc
 
PDF
LonghornPHP - CVE 101.pdf
byTheresa Mammarella
 
PDF
CEH v12 Lesson 5 _ Vulnerability Assessment To (1).pdf
byTrungNguyn964221
 
PDF
Vulnerability Scanning Techniques and Vulnerability scores & exposures
byLearningwithRayYT
 
PPTX
CyberTechEurope.pptx
byMichael Roytman
 
Ids 004 cve
byjyoti_lakhani
 
Common Vulnerabilities and Exposures details
bynizlin1
 
BNYMellon - CVE 101.pdf
byTheresa Mammarella
 
CVE_vs_CWE_Lecture_Presentation 1234.pptx
bybilalaptech14
 
Life of a CVE
byYadnyawalkya Tale
 
AusCERT 2016: CVE and alternatives
byDavid Jorm
 
IISF-March2023.pptx
byEoin Keary
 
JavaZone 2023: CVE 101: A Developer's Guide to the World of Application Security
byTheresa Mammarella
 
Cm5 secure code_training_1day_system configuration
bydcervigni
 
How to assign a CVE to yourself?
byRamin Farajpour Cami
 
Cve trends 20170531
byKazuki Omo
 
CRA - overview of vulnerability handling
byOlle E Johansson
 
Verizon 2015 DBIR VM portion
byTawnia Beckwith
 
Geecon 2017 Anatomy of Java Vulnerabilities
bySteve Poole
 
Sailing Through The Storm of Kubernetes CVEs Meetup 29062023.pptx
bylior mazor
 
Vulnerability and Exploit Trends: Combining behavioral analysis and OS defens...
byEndgameInc
 
LonghornPHP - CVE 101.pdf
byTheresa Mammarella
 
CEH v12 Lesson 5 _ Vulnerability Assessment To (1).pdf
byTrungNguyn964221
 
Vulnerability Scanning Techniques and Vulnerability scores & exposures
byLearningwithRayYT
 
CyberTechEurope.pptx
byMichael Roytman
 

More from Shreya Pohekar

PDF
Getting started with google kubernetes engine
byShreya Pohekar
 
PDF
How to get into infosec
byShreya Pohekar
 
PDF
Server hardening methedologies
byShreya Pohekar
 
PPTX
Router pwning using bus pirate
byShreya Pohekar
 
PPTX
The arduino and iot
byShreya Pohekar
 
PPTX
Releasemyad internship
byShreya Pohekar
 
PPTX
releasemyad app
byShreya Pohekar
 
PPTX
Iot(security)
byShreya Pohekar
 
Getting started with google kubernetes engine
byShreya Pohekar
 
How to get into infosec
byShreya Pohekar
 
Server hardening methedologies
byShreya Pohekar
 
Router pwning using bus pirate
byShreya Pohekar
 
The arduino and iot
byShreya Pohekar
 
Releasemyad internship
byShreya Pohekar
 
releasemyad app
byShreya Pohekar
 
Iot(security)
byShreya Pohekar
 

Recently uploaded

PPTX
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
PDF
Talaria: A Sound-Driven Music Search Engine for Discovery Beyond Metadata
byShuen-Huei Guan
 
PDF
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PPTX
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
PDF
TopMate ES11 3-Wheel Electric Scooter: Comfortable, Stable Mobility for Every...
byTopmate
 
PPTX
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
PDF
Lightweight, Travel-Ready Freedom for Adults and Seniors
byTopmate
 
PDF
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
PPTX
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
PPTX
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
PPTX
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
PPTX
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
PPTX
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
PDF
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
PPTX
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PPTX
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 
AI in Marine Insurance Future of Smarter Risk, Faster Claims & Safer Shipping...
byAutomationEdge Technologies
 
Talaria: A Sound-Driven Music Search Engine for Discovery Beyond Metadata
byShuen-Huei Guan
 
Presentation of Cybersecurity and data protection
bytarikaityahya2
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
Spacewalk 2026 - Presented at the IMAX in Raleigh, NC
byAll Things Open
 
TopMate ES11 3-Wheel Electric Scooter: Comfortable, Stable Mobility for Every...
byTopmate
 
The Abomination of AI – keynote at ICoSCI 2026
byAlan Dix
 
Lightweight, Travel-Ready Freedom for Adults and Seniors
byTopmate
 
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
Understanding-Search-Algorithms_09-12-25.pptx
byshaikmahammedtauheed
 
AI Meets DBA Transforming Database Administration with Intelligence
byGeoPITS Global Pvt Ltd
 
apidays Australia 2025 | Building AI RAG Applications with No Code.pptx
byapidays
 
Storage-and-HCI-Positioning-update-sales.pptx
byhungungphu123
 
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
Unlocking Gen AI Capabilities Within UiPath Document Understanding
byDianaGray10
 
A CIO’s Guide to Salesforce AI Architecture, Governance, and Implementation R...
byKerry Millar
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
Migrating-Hadoop-to-Databricks-Ebook-FINAL.pptx
byssuserf37fc8
 

Road map to getting your first cve

  • 1.
    FIND YOUR 1STCVE Shreya Pohekar NULL AHEMDABAD
  • 2.
    Who am I??? Chapterlead Infosec girls | Ex-lead Null bhopal About Me Developer Security Researcher I blog at shreyapohekar.com Follow me Twitter - @shreyapohekar LinkedIn - Shreya Pohekar https://codevigilant.com/author/shreya_pohekar/
  • 3.
    CVE's in anutshell Why have a CVE The standard roadmap Learnings ??? Vulnerabilities to look for while hunting Where to submit bugs Contents Topics to be covered Any interesting story from my findings- The benefits of having the source code
  • 4.
    COMMON VULNERABILITIES ANDEXPOSURES A number given to a vulnerability identified. WHO'S A CNA ? CVE numbering authority. CVSS ?? Common vulnerability scoring system. Helps identifying the criticality of the vuln found. CVE's in a nutshell https://codevigilant.com/author/shreya_pohekar/
  • 5.
    Why should youhave a CVE???
  • 6.
    Choose a targetjust like you do in bugbounty Set the code locally Move from code to feature or feature to code Found a vulnerabiity? Create a report Submit The road map
  • 7.
    Major Learings BECOME GOODAT WEB PENTEST Explore different vulnerabilites around web. LEARN SOURCE CODE REVIEW Reading lots of code gives immense understanding of the application. Also, makes you capable in identifying the vulnerable code as you see it. LEARN TO WRITE GOOD CODE Reading code also exposes us to different coding styles and best practices. REPORT WRITING You learn about how to build a well-formated, correct report.
  • 8.
    XSS - Reflected/Stored SQLI - Try with lower privilege levels RCE - file uploads being common place to look to XXE and insecure deserialization Directory traversal and directory listings SSRF - Check everytime you get an URL input field Vulnerabilities to look for
  • 9.
  • 10.
  • 11.
    Any interesting story frommy findings & The benefits of having the source code handy HTTPS://SHREYAPOHEKAR.COM/BLOGS/DONT-JUST-SANITIZE-BUT- ALSO-ESCAPE-A-FABLE-OF-SANITIZE_TEXT_FIELD/