Thanks for visiting! The Macaw team was acqui-hired by Invision in January 2016, at which point Macaw was sunsetted. The software and book are no longer available, but this we're keeping this website up as a reminder of the fun we had. If you're interested in what the Macaw folks are up to now, go check out Clover.

Tutorial: Bug Bounty Masterclass

by Joe Chellman and Rex Rainey

Getting Started with Macaw cover

Build responsive websites with a cutting-edge application

Already own the book?
Download the assets » bug bounty masterclass tutorial

Don't start by trying to hack a login page with 10-layer security. Look for common, high-probability bugs: Don't start by trying to hack a login

Here’s a helpful review you can use or adapt for a (adjust the platform name or instructor as needed): bug bounty masterclass tutorial

Why should the company care? (e.g., "This exposes 1 million users' credit card info").

Always stick to the Program Policy . Respecting "Out of Scope" assets is the difference between a bounty and a legal headache.

Tutorial: Bug Bounty Masterclass

Don't start by trying to hack a login page with 10-layer security. Look for common, high-probability bugs:

Here’s a helpful review you can use or adapt for a (adjust the platform name or instructor as needed):

Why should the company care? (e.g., "This exposes 1 million users' credit card info").

Always stick to the Program Policy . Respecting "Out of Scope" assets is the difference between a bounty and a legal headache.

Big thanks to the Macaw team for making such a great tool and supporting this book!

Copyright © 2015 Joe Chellman and Rex Rainey