Bug Bounty: Cash for Hack
#Remember?
#And?
One more, the last "and"
What's common?
#BugBounty
Bug Bounty
Cash for Hack
Who Am I (#whoami)
Atul Shedage
@atul_shedage
Instructor at suruji.com
Bug Bounty Hunter (only whenever I run out of money :P)
Creator of SVWA (Suruji Vulnerable Web Application)
Laravel Developer (PHP framework)
BSc Graduate (MSc in progress)
Lucky Enough
And
Anddddd
Agenda
• What is Bug Bounty?
• History
• Why join Bug Bounty?
• Bug Bounty programs and platforms
• How to start with bug bounties
• Tools to use
• Reporting / bug submission
• My experience with Bug Bounty
What is #BugBounty?
• Also called a VRP (Vulnerability Reward Program).
• The company (security team / vendor) creates the program, offers cash, HOF (Hall of Fame) or swag, fixes the bugs and acknowledges your work.
• Researchers / bug hunters hit the target and find bugs. Sometimes duplicates, sometimes $$$, sometimes swag. Recheck the bug after the fix. Write a blog post.
History
Image credit: crowdcurity.com
Why Join Bug Bounty?
• $$$$
• Swag (T-shirts, stickers, mugs, company gadgets)
• Free service
• HOF (Hall of Fame)
Bug Bounty Program and Platform
• Popular Programs– Google (Min 100$ & Max 20000$)
– Yahoo (Min 50$ & Max 15000$)
– Facebook (Min 500$)
– Want to know more?• Github
• Etsy
![Page 16: Bug bounty cash for hack](https://reader031.vdocument.in/reader031/viewer/2022013115/55a5f3371a28abf13d8b4725/html5/thumbnails/16.jpg)
Want a few more?
• https://bugcrowd.com/list-of-bug-bounty-programs/
• https://hackerone.com/programs
• https://www.crowdcurity.com/programs
Popular Platforms
• BugCrowd
  – Managed security programs for companies
  – 14,300 researchers worldwide
  – 200+ programs
• HackerOne
  – Security inbox for companies
  – 70+ public programs
  – $1.9M paid
• Synack
• CrowdCurity
How to Start with Bug Bounties
• Theory: OWASP Top 10, WASC (26 classes)
• Practicals: SVWA (Suruji Vulnerable Web Application), OWASP Mutillidae, DVWA, Hack.me
• Read blog posts
• Follow some researchers on Twitter
http://h1.nobbd.de/ (unofficial timeline of publicly disclosed HackerOne reports)
Key Points
Ninja Skills? No Way!!!!
Common Bugs
• XSS (Cross-Site Scripting)
• CSRF (Cross-Site Request Forgery)
• Business logic flaws
• Insecure Direct Object References (IDOR)
• Clickjacking
• Session management and brute force
• 0-day CMS vulnerabilities
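Two of the bug classes in this list, clickjacking and weak session management, can be triaged straight from the HTTP response headers before any Burp work. The Python below is an added example (it is not code from the slides or from SVWA): the two responses are constructed inline, the list of session-cookie names it looks for is an assumption, and it counts only `X-Frame-Options: DENY/SAMEORIGIN` or a non-wildcard CSP `frame-ancestors` as framing protection.

```python
"""Header-level checks for two of the bug classes listed above:
clickjacking (no framing protection) and weak session cookies.
Added example, not code from the slides. Sample responses are constructed."""
import re

# Assumed list of cookie names that usually carry a session (not from the slides).
SESSION_COOKIE_NAMES = ("phpsessid", "sessionid", "jsessionid", "laravel_session")


def parse_response(raw: str) -> tuple[int, list[tuple[str, str]]]:
    """Split a raw HTTP/1.1 response into (status code, [(header, value), ...]).
    Header names are lower-cased; repeated headers such as Set-Cookie are kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    status_line, _, header_block = head.partition("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = []
    for line in header_block.split("\r\n"):
        if line:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return status, headers


def frameable(headers: list[tuple[str, str]]) -> bool:
    """True when nothing forbids framing, i.e. a clickjacking candidate.
    Protection is X-Frame-Options DENY/SAMEORIGIN or a CSP frame-ancestors
    directive whose source list is not the wildcard."""
    for name, value in headers:
        if name == "x-frame-options" and value.upper() in ("DENY", "SAMEORIGIN"):
            return False
        if name == "content-security-policy":
            m = re.search(r"frame-ancestors\s+([^;]+)", value, re.IGNORECASE)
            if m and m.group(1).strip() != "*":
                return False
    return True


def weak_session_cookies(headers: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Map each session-looking Set-Cookie to the attributes it lacks
    (Secure, HttpOnly, SameSite). An empty dict means nothing to report."""
    findings = {}
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, *attrs = [part.strip() for part in value.split(";")]
        cookie_name = cookie.split("=", 1)[0]
        if cookie_name.lower() not in SESSION_COOKIE_NAMES:
            continue
        present = {attr.split("=", 1)[0].lower() for attr in attrs}
        missing = [a for a in ("secure", "httponly", "samesite") if a not in present]
        if missing:
            findings[cookie_name] = missing
    return findings


def check(raw: str) -> dict:
    """Run both checks on a raw response and return the findings."""
    status, headers = parse_response(raw)
    return {
        "status": status,
        "frameable": frameable(headers),
        "weak_cookies": weak_session_cookies(headers),
    }


# Constructed sample responses (not captured from any real target).
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/\r\n"
    "\r\n"
    "<html><body>account page</body></html>"
)

HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: DENY\r\n"
    "Content-Security-Policy: default-src 'self'; frame-ancestors 'none'\r\n"
    "Set-Cookie: PHPSESSID=abc123; Path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "\r\n"
    "<html><body>account page</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, check(raw))
```

A frameable page only becomes a reportable clickjacking bug when a state-changing action sits behind it (many programs reject clickjacking on static pages as out of scope), so pair this check with a PoC page that actually performs that action.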
Tools to Use
• Burp Suite (http://portswigger.net/)
• Google, Bing, Yahoo (Google dorks)
• Mozilla Firefox add-ons
  – Tamper Data
  – HackBar
  – Live HTTP Headers
  – User Agent Switcher
Reporting and Bug Submission
• Use a standard format
  – Vulnerability name
  – Domain
  – Vulnerable subdomain
  – Affected URL
  – POC (Proof of Concept)
  – Browser / operating system
  – Description
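The standard format above as a checked data structure: it refuses to render a report that has an empty field (no PoC is the usual reason a triager bounces a report) or whose URL is outside the stated domain. Added example in Python, not from the slides; the field names follow the slide (with "Infected URL" read as the affected URL), and the example.com values are made up.

```python
"""Standard report format from the slide as a checked data structure.
Added example, not from the slides; sample values are made up."""
from dataclasses import dataclass
from urllib.parse import urlparse


@dataclass
class BugReport:
    vulnerability_name: str
    domain: str
    vulnerable_subdomain: str
    affected_url: str
    poc: str
    browser_os: str
    description: str

    def problems(self) -> list[str]:
        """Triage blockers: empty fields, a subdomain not under the program's
        domain, or a URL whose host is not the stated subdomain."""
        issues = [f"{name} is empty" for name, value in vars(self).items()
                  if not value.strip()]
        sub, dom = self.vulnerable_subdomain.lower(), self.domain.lower()
        if sub != dom and not sub.endswith("." + dom):
            issues.append(f"subdomain {sub!r} is not under {dom!r} (out of scope)")
        host = (urlparse(self.affected_url).hostname or "").lower()
        if host != sub:
            issues.append(f"affected_url host {host!r} differs from subdomain {sub!r}")
        return issues

    def render(self) -> str:
        """Plain-text report in the slide's field order; raises if not ready."""
        issues = self.problems()
        if issues:
            raise ValueError("report not ready: " + "; ".join(issues))
        fields = [
            ("Vulnerability Name", self.vulnerability_name),
            ("Domain", self.domain),
            ("Vulnerable Subdomain", self.vulnerable_subdomain),
            ("Affected URL", self.affected_url),
            ("POC (Proof of Concept)", self.poc),
            ("Browser / Operating System", self.browser_os),
            ("Description", self.description),
        ]
        return "\n".join(f"{label}: {value}" for label, value in fields)


# Made-up sample values; example.com is a reserved documentation domain.
GOOD = BugReport(
    vulnerability_name="Reflected XSS in search",
    domain="example.com",
    vulnerable_subdomain="shop.example.com",
    affected_url="https://shop.example.com/search?q=test",
    poc="https://shop.example.com/search?q=%22%3E%3Csvg%2Fonload%3Dalert(document.domain)%3E",
    browser_os="Firefox 30 / Ubuntu 14.04",
    description="The q parameter is reflected into the page without HTML encoding.",
)

# Same report with no PoC and a URL on a different domain: two triage blockers.
NOT_READY = BugReport(
    vulnerability_name="Reflected XSS in search",
    domain="example.com",
    vulnerable_subdomain="shop.example.com",
    affected_url="https://shop.example.org/search?q=test",
    poc="",
    browser_os="Firefox 30 / Ubuntu 14.04",
    description="The q parameter is reflected into the page without HTML encoding.",
)

if __name__ == "__main__":
    print(GOOD.render())
    print(NOT_READY.problems())
```

The scope check is deliberately strict (host must equal the stated subdomain); for programs that list wildcard scopes, relax it to a suffix match on the domain only.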
My Experience
https://hackerone.com/reports/41409
Any Questions?