Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to get started in bug bounty
Search
Sponsored
·
Your Podcast. Everywhere. Effortlessly.
Share. Educate. Inspire. Entertain. You do you. We'll handle the rest.
→
Tushar Verma
June 18, 2021
Education
500
1
Share
How to get started in bug bounty
Learning path for Bug Bounty
Bug Bounty Platforms
Report Writing/Bug Submission
Tushar Verma
June 18, 2021
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
220
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
720
Hacking OAuth Applications
e11i0t_4lders0n
1
2.1k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
800
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
610
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.4k
Other Decks in Education
See All in Education
Data Representation - Lecture 3 - Information Visualisation (4019538FNR)
signer
PRO
1
2.9k
演習:Gitの基本操作 / 04-git-basic
kaityo256
PRO
0
390
Introduction - Lecture 1 - Advanced Topics in Big Data (4023256FNR)
signer
PRO
2
2.3k
演習:GitHubの基本操作 / 06-github-basic
kaityo256
PRO
0
240
Leveraging LLMs for student feedback in introductory data science courses (Stats Up AI)
minecr
1
250
【ベテランCTOからのメッセージ】AIとか組織とかキャリアとか気になることはあるけどさ、個人の技術力から目を背けないでやっていきましょうよ
netmarkjp
2
4.1k
環境・社会理工学院(建築学系)大学院説明会 2026|東京科学大学(Science Tokyo)
sciencetokyo
PRO
0
1k
What workforce agencies must have in place to compete for and deliver on RESTART grants
territorium
PRO
0
130
160人の中高生にAI・技術体験の講師をしてみた話
shuntatoda
1
420
Design Guidelines and Principles - Lecture 7 - Information Visualisation (4019538FNR)
signer
PRO
0
2.9k
Gitの中身 / 03-a-git-internals
kaityo256
PRO
0
160
Highest and Best Use: Development Considerations for Land Sites
rmccaic
0
170
Featured
See All Featured
Producing Creativity
orderedlist
PRO
348
40k
So, you think you're a good person
axbom
PRO
2
2k
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
1.1k
Java REST API Framework Comparison - PWX 2021
mraible
34
9.2k
Being A Developer After 40
akosma
91
590k
Site-Speed That Sticks
csswizardry
13
1.1k
Evolving SEO for Evolving Search Engines
ryanjones
0
170
Bridging the Design Gap: How Collaborative Modelling removes blockers to flow between stakeholders and teams @FastFlow conf
baasie
0
500
The Cult of Friendly URLs
andyhume
79
6.8k
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
420
16th Malabo Montpellier Forum Presentation
akademiya2063
PRO
0
90
Avoiding the “Bad Training, Faster” Trap in the Age of AI
tmiket
0
110
Transcript
HOW TO GET STARTED IN BUG BOUNTY BY: TUSHAR VERMA
WHOAMI Bug Bounty Hunter Synack Red Team Member Infosec Trainer
AGENDA • Learning path for Bug Bounty • Bug Bounty
Platforms • Report Writing/Bug Submission
WHAT IS BUG BOUNTY? Bug Bounty is a deal offered
by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
BASIC TECHNICAL THINGS TO GET STARTED INTERNET, HTTP, TCP/IP LINUX
AND BASH SCRIPTING LEARNING BASICS OF HTML, PHP, JAVASCRIPT
CHOOSING YOUR INITIAL PATH Web application Security Testing Mobile Application
Security Testing
FOR WEB APPLICATION PENETRATION TESTING Web Application Hacker’s Handbook Web
Hacking 101 PortSwigger Academy Pentesterlab BugBountyHunter
FOR MOBILE APPLICATION PENETRATION TESTING OWASP Mobile Testing Guide Mobile
application hacker’s handbook Mobile Security Wiki by Aditya Agrawal DIVA (Damn insecure and vulnerable App) Android & iOS
BUG BOUNTY PLATFORM: • Bugcrowd • Hackerone • Hackenproof •
Intigriti • YesWeHack • Inspectiv • Synack • Cobalt
WHICH CHECKLIST TO FOLLOW??? OWASP Web Application Security Testing Checklist
Bugcrowd Vulnerability Rating Taxonomy
REPORT WRITING
• Vulnerability Name: • Technical Severity: • Vulnerable URLs: •
Vulnerability Description: • Steps to Reproduce: • Impact: • Suggested Countermeasures:
GET IN TOUCH AT • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
THANK YOU
e11i0t_4lders0n
signer
kaityo256
minecr
netmarkjp
sciencetokyo
territorium
.png){kind=avatar}
shuntatoda
rmccaic
orderedlist
axbom
joshbly
mraible
akosma
csswizardry
ryanjones
baasie
andyhume
portentint
akademiya2063
tmiket
