How to get started in bug bounty
Tushar Verma
June 18, 2021
Learning path for Bug Bounty
Bug Bounty Platforms
Report Writing/Bug Submission
Transcript
HOW TO GET STARTED IN BUG BOUNTY
BY: TUSHAR VERMA

WHOAMI
• Bug Bounty Hunter
• Synack Red Team Member
• Infosec Trainer

AGENDA
• Learning path for Bug Bounty
• Bug Bounty Platforms
• Report Writing/Bug Submission

WHAT IS BUG BOUNTY?
Bug Bounty is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

BASIC TECHNICAL THINGS TO GET STARTED
• INTERNET, HTTP, TCP/IP
• LINUX AND BASH SCRIPTING
• LEARNING BASICS OF HTML, PHP, JAVASCRIPT

CHOOSING YOUR INITIAL PATH
• Web Application Security Testing
• Mobile Application Security Testing

FOR WEB APPLICATION PENETRATION TESTING
• Web Application Hacker’s Handbook
• Web Hacking 101
• PortSwigger Academy
• PentesterLab
• BugBountyHunter

FOR MOBILE APPLICATION PENETRATION TESTING
• OWASP Mobile Testing Guide
• Mobile Application Hacker’s Handbook
• Mobile Security Wiki by Aditya Agrawal
• DIVA (Damn insecure and vulnerable App) Android & iOS

BUG BOUNTY PLATFORM:
• Bugcrowd
• HackerOne
• HackenProof
• Intigriti
• YesWeHack
• Inspectiv
• Synack
• Cobalt

WHICH CHECKLIST TO FOLLOW???
• OWASP Web Application Security Testing Checklist
• Bugcrowd Vulnerability Rating Taxonomy

REPORT WRITING
• Vulnerability Name:
• Technical Severity:
• Vulnerable URLs:
• Vulnerability Description:
• Steps to Reproduce:
• Impact:
• Suggested Countermeasures:

GET IN TOUCH AT
• Twitter: @e11i0t_4lders0n
• LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__
• Email: [email protected]

THANK YOU