Questions

1. Why do sites offer bug bounty programs?
2. What's the value in participating in them?
3. What do we need to know to get the most out of this book?
4. What are some of the tools we'll be using? What are they for?
5. How can we make XSS alert() calls more effective?
6. Is it OK to think about how a vulnerability could be exploited? How about writing code to test that theory?
7. What's the law governing much of the criminal theory surrounding penetration testing?