4. What is Bug Bounty?
Paying a monetary reward to security researchers for certain
qualifying security bugs.
- A hacker finds a security bug and reports it to Example
- Example's security team triages the bug
- Example pays $$$ according to its impact
5. Why do companies run bug bounty programs?
- Fastest way to improve security publicly
- Safety
- Cost effective
6. Why bug hunting?
- To make money
- To have fun
- To build a strong portfolio
- To be challenged etc.
7. “Hacking is a lifelong journey of learning.”
References / Links:
- https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
- https://hackerone.com/blog/what-great-hackers-share
- https://forum.bugcrowd.com/t/researcher-resources-how-to-become-a-bug-bounty-hunter/1102
8. How to start bug hunting?
- Practice makes a man perfect
- Reading: books, proofs of concept
- Requires little programming knowledge
- Think logically
9. Popular bug bounty programs and platforms
- Facebook, Google, Twitter, Yahoo, PayPal etc.
- Platforms: HackerOne, Bugcrowd, Cobalt, Synack etc.
10. Submitting a Bug Report
- Title
- Description of bug
- Steps to reproduce the bug
- Impact
- Suggested Fix