How to get started in bug bounty

Learning path for Bug Bounty
Bug Bounty Platforms
Report Writing/Bug Submission

Tushar Verma

June 18, 2021
Transcript

  1. HOW TO GET STARTED IN BUG BOUNTY BY: TUSHAR VERMA
  2. WHOAMI: Bug Bounty Hunter; Synack Red Team Member; Infosec Trainer
  3. AGENDA • Learning path for Bug Bounty • Bug Bounty Platforms • Report Writing/Bug Submission
  4. WHAT IS BUG BOUNTY? Bug Bounty is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
  5. BASIC TECHNICAL THINGS TO GET STARTED: INTERNET, HTTP, TCP/IP; LINUX AND BASH SCRIPTING; LEARNING BASICS OF HTML, PHP, JAVASCRIPT
  6. CHOOSING YOUR INITIAL PATH: Web Application Security Testing; Mobile Application Security Testing
  7. FOR WEB APPLICATION PENETRATION TESTING: Web Application Hacker’s Handbook; Web Hacking 101; PortSwigger Academy; Pentesterlab; BugBountyHunter
  8. FOR MOBILE APPLICATION PENETRATION TESTING: OWASP Mobile Testing Guide; Mobile application hacker’s handbook; Mobile Security Wiki by Aditya Agrawal; DIVA (Damn insecure and vulnerable App) Android & iOS
  9. BUG BOUNTY PLATFORM: • Bugcrowd • Hackerone • Hackenproof • Intigriti • YesWeHack • Inspectiv • Synack • Cobalt
  10. WHICH CHECKLIST TO FOLLOW??? OWASP Web Application Security Testing Checklist; Bugcrowd Vulnerability Rating Taxonomy
  11. REPORT WRITING
  12. • Vulnerability Name: • Technical Severity: • Vulnerable URLs: • Vulnerability Description: • Steps to Reproduce: • Impact: • Suggested Countermeasures:
  13. GET IN TOUCH AT • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25 • Instagram: @e11i0t_4lders0n__ • Email: tushar.infosec@gmail.com
  14. THANK YOU