Bug Bounty - Hackers Job
Arbin Godar (@arbingodar)
Arbin Godar #whoami
- Student @ Trinity International College
- Guy interested in web security
- A mediocre programmer, hobbyist etc.
Acknowledged by
etc….
What is Bug Bounty?
Paying a monetary reward to security researchers for certain qualifying security bugs.
- A hacker finds a security bug and reports it to Example
- Example's security team triages the bug
- Example pays $$$ according to its impact
Why companies run bug bounty program?
- Fastest way to improve security publicly
- Safety
- Cost effective
Why bug hunting?
- To make money
- To have fun
- To build strong portfolio
- To be challenged etc.
“Hacking is a lifelong journey of learning.”
References / Links:
- https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- https://hackerone.com/blog/what-great-hackers-share
- https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102
How to start bug hunting?
- Practice makes a man perfect
- Reading: books, proofs of concept
- Requires little programming knowledge
- Think logically
Popular bug bounty programs and platforms
- Facebook, Google, Twitter, Yahoo, PayPal etc.
- Platforms: HackerOne, Bugcrowd, Cobalt, Synack etc.
Submitting Bug Report
- Title
- Description of bug
- Steps to reproduce the bug
- Impact
- Suggested fix
For Motivation