The most important thing in looking for vulnerabilities is the experience and the knowledge gained; however, the use of different tools also plays an important factor. It is not the same as spending a lot of hours reviewing HTTP requests manually and eating tacos at your desk. We will be configuring a little list with testing strings, applying filters to HTTP responses, and finding more vulnerabilities. And remember that you are in a race with other bug bounty hunters, and it is important to have the capability to cover most of the application's surface in order to be more successful.

In this chapter, we will review the most used tools for web application security assessments. In general; most of them are open source and free; we will also mention some tools that are licensed, which I think add great value in bug bounty hunting.

We will cover the following topics in this chapter:

• What tools to use
• How to use them
• Where to use them