The bug hunting field is full of resources: some are basic, some are noisy, and some are clever. To help others build a clear study roadmap, I plan to share my opinion on every resource I come across.
This post reviews the second book I've read on bug hunting: "Bug Bounty Playbook V2" by Alex Thomas. This book is a great introduction to different exploitation approaches. Here are my thoughts:
The Content
The introduction wasn't the best start because it repeats the last third of the first book. Nearly the first 50 pages are duplicates: they cover basic hacking of CMSs (such as WordPress), GitHub, databases, and brute forcing. However, if you ignore the duplication, these sections are very informative for beginners and intermediate readers.
After the introduction, the book covers a wide range of OWASP vulnerabilities and includes a large section on API hacking. I particularly liked the API section, as it introduces the different API technologies: GraphQL, REST, RPC, and SOAP. This section might be challenging for many, since APIs are often an unfamiliar topic, but it is very valuable and presented in an easy-to-understand way.
The book explains the OWASP vulnerabilities using practical examples and screenshots. This makes the attacks easy to visualize, which is a great way to learn.
My Rating
I recommend this book to anyone interested in bug hunting. It shows a great diversity of exploits drawn from many different sources. While the API section might be a struggle for some, the book is excellent for introducing the core concepts.
However, reading a book won't make you a security specialist; that level requires a lot of hands-on experience. You won't become an expert hacker after finishing this book. As the author mentions, after reading both versions you will be at a "high-beginner" or "low-intermediate" level. So be aware that you still have a long way to go.
Expertise is gained through time, effort, and engagement with the community, usually after a year or more of hard work. No one starts as an expert. If you want to make progress, you have to put in the work.
If you are looking for my opinion on the first version of the book, you can read my review here: [Medium Link]