Lecture 4 - Introduction to Information Disclosure Vulnerabilities


The first bug or vulnerability that we're going to cover is information disclosure.

This falls under the Cryptographic Failures category in the OWASP Top 10, which is listed as the second most common security threat.

Now, OWASP is an independent non-profit organization concerned with web security.

So they have no reason to skew these results.

The results you see there are based on tests they've done and information they gathered themselves. Based on that data, they ranked the most common security threats, bugs and vulnerabilities, and information disclosure falls within Cryptographic Failures, which is second on their list.

As the name suggests, these vulnerabilities allow you to access information that should not be attainable or visible to you.

I'm choosing to start with these bugs because they are simple but at the same time they are very common.

So they serve as a great warm-up to get you used to the basics and to get your mind thinking like a hacker.

Also, because these types of bugs tend to expose sensitive information, they can actually point you to other, more dangerous bugs.

They can also help you discover hidden parts of the target application, which increases the attack surface and therefore your chances of discovering other bugs.

Companies like Shopify, Snapchat and Starbucks were vulnerable to some sort of information disclosure, and they paid anything from 100 to 1,000 dollars to the hunters who discovered these bugs.

So keep your eyes open to everything that I'm going to show you, make sure you understand it and practice it in the labs that I'm going to give you throughout this section, and you will be discovering your first bug and cashing out your first bounty in no time.
