Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to get started in bug bounty
Search
Tushar Verma
June 18, 2021
Education
1
470
How to get started in bug bounty
Learning path for Bug Bounty
Bug Bounty Platforms
Report Writing/Bug Submission
Tushar Verma
June 18, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
160
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
650
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
760
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
560
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
Other Decks in Education
See All in Education
5 Things Every L&D Pro Should Steal from Marketing
tmiket
0
160
The Task is not the End: The Role of Task Repetition and Sequencing In Language Teaching
uranoken
0
310
プログラミング基礎#4(名古屋造形大学)
yusk1450
PRO
0
120
地図を活用した関西シビックテック事例紹介
barsaka2
0
180
【2024 DojoCon】懇親会LT
teba_eleven
0
110
AI 時代軟體工程師的持續升級
mosky
1
2.2k
Bitcoin Lightning Network en pratique
rlifchitz
0
110
とある EM の初めての育休からの学び
clown0082
1
1.5k
Informasi Program Coding Camp 2025 powered by DBS Foundation
futura_dicoding29
0
110
Prógram La Liberazione
olafurtr90
0
170
Policing the Poor
oripsolob
0
130
Image compression
hachama
0
410
Featured
See All Featured
Making Projects Easy
brettharned
116
6k
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
59k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
A Philosophy of Restraint
colly
203
16k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.3k
Design and Strategy: How to Deal with People Who Don’t "Get" Design
morganepeng
129
19k
Building a Scalable Design System with Sketch
lauravandoore
461
33k
Building Your Own Lightsaber
phodgson
104
6.2k
Unsuck your backbone
ammeep
669
57k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
Visualization
eitanlees
146
15k
KATA
mclloyd
29
14k
Transcript
HOW TO GET STARTED IN BUG BOUNTY BY: TUSHAR VERMA
WHOAMI Bug Bounty Hunter Synack Red Team Member Infosec Trainer
AGENDA • Learning path for Bug Bounty • Bug Bounty
Platforms • Report Writing/Bug Submission
WHAT IS BUG BOUNTY? Bug Bounty is a deal offered
by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
BASIC TECHNICAL THINGS TO GET STARTED INTERNET, HTTP, TCP/IP LINUX
AND BASH SCRIPTING LEARNING BASICS OF HTML, PHP, JAVASCRIPT
CHOOSING YOUR INITIAL PATH Web application Security Testing Mobile Application
Security Testing
FOR WEB APPLICATION PENETRATION TESTING Web Application Hacker’s Handbook Web
Hacking 101 PortSwigger Academy Pentesterlab BugBountyHunter
FOR MOBILE APPLICATION PENETRATION TESTING OWASP Mobile Testing Guide Mobile
application hacker’s handbook Mobile Security Wiki by Aditya Agrawal DIVA (Damn insecure and vulnerable App) Android & iOS
BUG BOUNTY PLATFORM: • Bugcrowd • Hackerone • Hackenproof •
Intigriti • YesWeHack • Inspectiv • Synack • Cobalt
WHICH CHECKLIST TO FOLLOW??? OWASP Web Application Security Testing Checklist
Bugcrowd Vulnerability Rating Taxonomy
REPORT WRITING
• Vulnerability Name: • Technical Severity: • Vulnerable URLs: •
Vulnerability Description: • Steps to Reproduce: • Impact: • Suggested Countermeasures:
GET IN TOUCH AT • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email: tushar.infosec@gmail.com
THANK YOU