Bug bounties, also known as responsible disclosure programmes, are set up
by companies to encourage security researchers to report the vulnerabilities they discover
on the companies' sites instead of exploiting or publishing them. Each programme publishes its own scope and rules, and a report only qualifies if the testing stayed within them.
Some companies offer monetary rewards, swag, or a place in a hall of fame on their website.
If you're a web application security geek, this is the place to show your skills and earn some money along the way.
You should follow some guidelines to become a successful bug hunter:
- OWASP Top Ten - learn the most common web application vulnerability classes and how they are tested.
- Book - The Web Application Hacker's Handbook.
- Blogs - follow other security researchers' blogs to learn from their published findings, e.g. Nir Goldshlager, Oliver Beg, Jack, Egor Homakov, Neal Poole.
- Tools - Burp Proxy to intercept and modify the traffic between your browser and the target.
- Firefox plugins - Tamper Data, Live HTTP Headers, Firebug, Wappalyzer.
- Vulnerable web apps - for practising legally: WebGoat, DVWA.
- Bug bounty platforms - HackerOne, Bugcrowd, Cobalt; sign up for these to submit reports to the many programmes they host.
- Reports - submit reports with a clear, reproducible proof of concept, the impact of the vulnerability, and a suggested remediation.