Haxonomy : A Taxonomy for Web Hacking

This is a Bachelor's thesis from KTH/School of Electrical Engineering and Computer Science (EECS)

Author: Max Körlinge; [2019]

Abstract: This study aims to show that the information present in public vulnerability reports from bug bounty programs can be utilized to provide aid for individual security researchers when performing their research. This is done here by creating a taxonomy based on the attack surfaces on a website that were used by the author of a report when discovering a vulnerability. Reports are then indexed according to this taxonomy together with the discovered vulnerability, to provide statistics on which vulnerabilities are most commonly found on what attack surfaces. The taxonomy and the indexed reports, referred to as the Haxonomy, are then also used as the basis for a machine learning algorithm which is trained to provide guidance to bug bounty hunters. It is concluded that this proof-of-concept, if developed fully, can be used to improve the success rate of individual security researchers operating on bug bounty platforms.
