SlideShare a Scribd company logo

How to Start a Career in Bug Bounty Hunting

A
Arbin Godar
1 of 12
Download to read offline
Bug Bounty - Hackers Job Arbin Godar (@arbingodar)
Arbin Godar #whoami - Student @ Trinity International College - Guy interested in web security - A mediocre programmer, hobbyist etc.
Acknowledged by etc….
What is Bug Bounty? Paying monetary reward to security researchers for certain qualifying security bugs. Hacker find security bug and reported bug on Example Example security team triaged the bug Example pays $$$ according to it’s impact
Why companies run bug bounty program? - Fastest way to improve security publicly - Safety - Cost effective
Why bug hunting? - To make money - To have fun - To build strong portfolio - To be challenged etc.
“ Hacking is a lifelong journey of learning. ” - https://www.owasp.org/index.php/ Category:OWASP_Top_Ten_Proje ct - https://hackerone.com/blog/what- great-hackers-share - https://forum.bugcrowd.com/t/rese archer-resources-how-to-become- a-bug-bounty-hunter/1102 References / Links:
How to start bug hunting ? - Practice makes a man perfect - Reading : books , proof of concepts - Requires little programming knowledge - Think logically
Popular bug bounty programs and platforms - Facebook, Google, Twitter, Yahoo, PayPal etc. - Platforms: HackerOne , Bugcrowd, Cobalt, Synack etc.
Submitting Bug Report - Title - Description of bug - Step to Reproduce the bug - Impact - Suggested Fix
For Motivation
Thank You! Arbin Godar (@arbingodar) pentester.arbin@gmail.com www.arbingodar.com

Recommended

Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
Bug Bounty Secrets
Bug Bounty Secrets Bug Bounty Secrets
Bug Bounty Secrets n|u - The Open Security Community
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101Shahee Mirza
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
Saying Hello to Bug Bounty
Saying Hello to Bug BountySaying Hello to Bug Bounty
Saying Hello to Bug BountyNull Bhubaneswar
 
Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Sagar M Parmar
 

Recommended

Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016Bug Bounty Hunter Methodology - Nullcon 2016
Bug Bounty Hunter Methodology - Nullcon 2016bugcrowd
 
Bug Bounty Secrets
Bug Bounty Secrets Bug Bounty Secrets
Bug Bounty Secrets n|u - The Open Security Community
 
Bug Bounty 101
Bug Bounty 101Bug Bounty 101
Bug Bounty 101Shahee Mirza
 
Bug Bounty - Play For Money
Bug Bounty - Play For MoneyBug Bounty - Play For Money
Bug Bounty - Play For MoneyShubham Gupta
 
The Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameThe Game of Bug Bounty Hunting - Money, Drama, Action and Fame
The Game of Bug Bounty Hunting - Money, Drama, Action and FameAbhinav Mishra
 
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016Frans Rosén
 
Saying Hello to Bug Bounty
Saying Hello to Bug BountySaying Hello to Bug Bounty
Saying Hello to Bug BountyNull Bhubaneswar
 
Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Bug bounty null_owasp_2k17
Bug bounty null_owasp_2k17Sagar M Parmar
 
Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - BeginnersHimanshu Kumar Das
 
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionMikhail Egorov
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...HackerOne
 
Bug bounty
Bug bountyBug bounty
Bug bountyn|u - The Open Security Community
 
Hackfest presentation.pptx
Hackfest presentation.pptxHackfest presentation.pptx
Hackfest presentation.pptxPeter Yaworski
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Shubham Gupta
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty BasicsHackerOne
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug BountiesOWASP Nagpur
 
Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Yassine Aboukir
 
Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...
Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...
Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...Jason Hong
 

More Related Content

What's hot

Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionMikhail Egorov
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...HackerOne
 
Hackfest presentation.pptx
Hackfest presentation.pptxHackfest presentation.pptx
Hackfest presentation.pptxPeter Yaworski
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Shubham Gupta
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty BasicsHackerOne
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing TechniquesAvinash Thapa
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspectiveSecuRing
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaCODE BLUE
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingAnurag Srivastava
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample ReportOctogence
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing Priyanka Aash
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug BountiesOWASP Nagpur
 
Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Yassine Aboukir
 

What's hot (20)

Bug Bounty for - Beginners
Bug Bounty for - BeginnersBug Bounty for - Beginners
Bug Bounty for - Beginners
 
Neat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protectionNeat tricks to bypass CSRF-protection
Neat tricks to bypass CSRF-protection
 
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
Bounty Craft: Bug bounty reports how do they work, @sushihack presents at Nu...
 
Bug bounty
Bug bountyBug bounty
Bug bounty
 
Hackfest presentation.pptx
Hackfest presentation.pptxHackfest presentation.pptx
Hackfest presentation.pptx
 
Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016Bug Bounty #Defconlucknow2016
Bug Bounty #Defconlucknow2016
 
Bug Bounty Basics
Bug Bounty BasicsBug Bounty Basics
Bug Bounty Basics
 
Waf bypassing Techniques
Waf bypassing TechniquesWaf bypassing Techniques
Waf bypassing Techniques
 
REST API Pentester's perspective
REST API Pentester's perspectiveREST API Pentester's perspective
REST API Pentester's perspective
 
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki ChidaIDA Vulnerabilities and Bug Bounty  by Masaaki Chida
IDA Vulnerabilities and Bug Bounty  by Masaaki Chida
 
Introduction to Web Application Penetration Testing
Introduction to Web Application Penetration TestingIntroduction to Web Application Penetration Testing
Introduction to Web Application Penetration Testing
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applications
 
Web PenTest Sample Report
Web PenTest Sample ReportWeb PenTest Sample Report
Web PenTest Sample Report
 
Web Application Penetration Testing
Web Application Penetration Testing Web Application Penetration Testing
Web Application Penetration Testing
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration Testing
 
SSRF For Bug Bounties
SSRF For Bug BountiesSSRF For Bug Bounties
SSRF For Bug Bounties
 
Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?Hacking WebApps for fun and profit : how to approach a target?
Hacking WebApps for fun and profit : how to approach a target?
 

Similar to How to Start a Career in Bug Bounty Hunting

Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Nilesh Sapariya
 
Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...
Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...
Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...Jason Hong
 
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”Casey Ellis
 
4 Synthesis Essay Examples Which. Online assignment writing service.
4 Synthesis Essay Examples Which. Online assignment writing service.4 Synthesis Essay Examples Which. Online assignment writing service.
4 Synthesis Essay Examples Which. Online assignment writing service.Danielle Davis
 
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMERELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMECasey Ellis
 
apidays LIVE New York 2021 - Why Software Teams Struggle with API Security Te...
apidays LIVE New York 2021 - Why Software Teams Struggle with API Security Te...apidays LIVE New York 2021 - Why Software Teams Struggle with API Security Te...
apidays LIVE New York 2021 - Why Software Teams Struggle with API Security Te...apidays
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamMohammed Adam
 
Social Enterprise Rises! …and so are the Risks - DefCamp 2012
Social Enterprise Rises! …and so are the Risks - DefCamp 2012Social Enterprise Rises! …and so are the Risks - DefCamp 2012
Social Enterprise Rises! …and so are the Risks - DefCamp 2012DefCamp
 
Protect Yourself From Internet Pests
Protect Yourself From Internet PestsProtect Yourself From Internet Pests
Protect Yourself From Internet Pestspeterhitch
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Mazin Ahmed
 
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...CiNPA Security SIG
 
Best practices to shape and secure your 1:1 program
Best practices to shape and secure your 1:1 programBest practices to shape and secure your 1:1 program
Best practices to shape and secure your 1:1 programSecurly
 
DIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident responseDIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident responseNathan Case
 
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!CiNPA Security SIG
 
Defcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hackerDefcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hackerDefCamp
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Vasile
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingMuhammad Khizer Javed
 

Similar to How to Start a Career in Bug Bounty Hunting (20)

Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015Cyber Security Workshop @SPIT- 3rd October 2015
Cyber Security Workshop @SPIT- 3rd October 2015
 
Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...
Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...
Statistical Analysis of Phished Email Users, Intercepted by the APWG/CMU Phis...
 
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
Release The Hounds: Part 2 “11 Years Is A Long Ass Time”
 
4 Synthesis Essay Examples Which. Online assignment writing service.
4 Synthesis Essay Examples Which. Online assignment writing service.4 Synthesis Essay Examples Which. Online assignment writing service.
4 Synthesis Essay Examples Which. Online assignment writing service.
 
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIMERELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
RELEASE THE HOUNDS, PART 2: 9 YEARS IS A LONG ASS TIME
 
apidays LIVE New York 2021 - Why Software Teams Struggle with API Security Te...
apidays LIVE New York 2021 - Why Software Teams Struggle with API Security Te...apidays LIVE New York 2021 - Why Software Teams Struggle with API Security Te...
apidays LIVE New York 2021 - Why Software Teams Struggle with API Security Te...
 
Nbt con december-2014-slides
Nbt con december-2014-slidesNbt con december-2014-slides
Nbt con december-2014-slides
 
Nbt con december-2014-slides
Nbt con december-2014-slidesNbt con december-2014-slides
Nbt con december-2014-slides
 
BugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed AdamBugBounty Roadmap with Mohammed Adam
BugBounty Roadmap with Mohammed Adam
 
Bug bounty hunting
Bug bounty huntingBug bounty hunting
Bug bounty hunting
 
Social Enterprise Rises! …and so are the Risks - DefCamp 2012
Social Enterprise Rises! …and so are the Risks - DefCamp 2012Social Enterprise Rises! …and so are the Risks - DefCamp 2012
Social Enterprise Rises! …and so are the Risks - DefCamp 2012
 
Protect Yourself From Internet Pests
Protect Yourself From Internet PestsProtect Yourself From Internet Pests
Protect Yourself From Internet Pests
 
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
Bug Bounty Hunting for Companies & Researchers: Bounty Hunting in Sudan and A...
 
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
NKU Cybersecurity Symposium: Active Defense - Helping threat actors hack them...
 
Best practices to shape and secure your 1:1 program
Best practices to shape and secure your 1:1 programBest practices to shape and secure your 1:1 program
Best practices to shape and secure your 1:1 program
 
DIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident responseDIY guide to runbooks, incident reports, and incident response
DIY guide to runbooks, incident reports, and incident response
 
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!OISF Aniversary: Active Defense - Helping threat actors hack themselves!
OISF Aniversary: Active Defense - Helping threat actors hack themselves!
 
Defcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hackerDefcamp 2013 - Does it pay to be a blackhat hacker
Defcamp 2013 - Does it pay to be a blackhat hacker
 
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hackerDan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
Dan Catalin Vasile - Defcamp2013 - Does it pay to be a blackhat hacker
 
Basics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty HuntingBasics of getting Into Bug Bounty Hunting
Basics of getting Into Bug Bounty Hunting
 

How to Start a Career in Bug Bounty Hunting

  • 1. Bug Bounty - Hackers Job Arbin Godar (@arbingodar)
  • 2. Arbin Godar #whoami - Student @ Trinity International College - Guy interested in web security - A mediocre programmer, hobbyist etc.
  • 4. What is Bug Bounty? Paying monetary reward to security researchers for certain qualifying security bugs. Hacker find security bug and reported bug on Example Example security team triaged the bug Example pays $$$ according to it’s impact
  • 5. Why companies run bug bounty program? - Fastest way to improve security publicly - Safety - Cost effective
  • 6. Why bug hunting? - To make money - To have fun - To build strong portfolio - To be challenged etc.
  • 7. “ Hacking is a lifelong journey of learning. ” - https://www.owasp.org/index.php/ Category:OWASP_Top_Ten_Proje ct - https://hackerone.com/blog/what- great-hackers-share - https://forum.bugcrowd.com/t/rese archer-resources-how-to-become- a-bug-bounty-hunter/1102 References / Links:
  • 8. How to start bug hunting ? - Practice makes a man perfect - Reading : books , proof of concepts - Requires little programming knowledge - Think logically
  • 9. Popular bug bounty programs and platforms - Facebook, Google, Twitter, Yahoo, PayPal etc. - Platforms: HackerOne , Bugcrowd, Cobalt, Synack etc.
  • 10. Submitting Bug Report - Title - Description of bug - Step to Reproduce the bug - Impact - Suggested Fix
  • 12. Thank You! Arbin Godar (@arbingodar) pentester.arbin@gmail.com www.arbingodar.com