Disclosing Vulnerabilities
FOR FUN & PROFIT
Nikhil.P.Kulkarni
www.twitter.com/nikchillz
Nikhil.P.Kulkarni
intro.me
Web Application Pen-testing
Bug Hunter
Blogger
Listed in Various Hall Of Fames
Web Designer
Researcher at CSPF
File Inclusion BUG
VULNERABILITY
DISCLOSURE
FULL DISCLOSURE
RESPONSIBLE DISCLOSURE
Tools
Proxy:
Burp Suite
Web Scarab
Fiddler
And many more…!!!
Firefox Addons:
Tamper Data
Web Developer Extensions
Live HTTP Headers
Firebug
Hackbar
XSS Me
And many more…!!!
Optional:
Camtasia Studio (Screen Recorder)
Snipping Tool (Screenshots)
Useful Tools:
IRONWASP
XENOTIX
And many more…!!!
$100 to $20,000
$500 to $5000
$500 to $3000
Unknown prize money (approx. $50 to $10,000)
$500 + T-Shirt
https://bugcrowd.com/list-of-bug-bounty-programs/
Normal Resume
Resume with HOF
Find Bugs
Report Them
Get Reward
Party
Broke
Never go for Full Disclosure without the company’s permission.
Always make sure you’ve made a Responsible Disclosure before going for Full Disclosure.
Stored XSS in the Official Website of DELL
DEMO
XSS
CSRF
SQLi
And many more
Kislay Bhardwaj
Prasanna
Karthik Ranganath
And everyone else related to DEFCON Bangalore DC9180
Thank You
DEFCON Bangalore
Nikhil.P.Kulkarni
www.facebook.com/nikchillz
www.twitter.com/nikchillz