Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to get started in bug bounty
Search
Tushar Verma
June 18, 2021
Education
1
470
How to get started in bug bounty
Learning path for Bug Bounty
Bug Bounty Platforms
Report Writing/Bug Submission
Tushar Verma
June 18, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
160
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
650
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
760
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
560
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
Other Decks in Education
See All in Education
Initiatives on Bridging the Gender Gap in the Technology Sector
codeforeveryone
0
130
Ilman kirjautumista toimivia sovelluksia
matleenalaakso
1
20k
Генезис казарменной архитектуры
pnuslide
0
190
ニュースメディアにおける生成 AI の活用と開発 / UTokyo Lecture Business Introduction
upura
0
240
【2024 DojoCon】懇親会LT
teba_eleven
0
100
2024年度秋学期 統計学 第12回 分布の平均を推測する - 区間推定 (2024. 12. 11)
akiraasano
PRO
0
130
5 Things Every L&D Pro Should Steal from Marketing
tmiket
0
150
ワクワク発見資料
akenohoshi
0
180
付箋を使ったカラオケでワイワイしましょう / Scrum Fest Okinawa 2024
bonbon0605
0
140
(説明資料)オンラインゆっくり相談室
ytapples613
PRO
0
230
とある EM の初めての育休からの学び
clown0082
1
1.5k
Поступай в ТОГУ 2025
pnuslide
0
19k
Featured
See All Featured
Product Roadmaps are Hard
iamctodd
PRO
50
11k
StorybookのUI Testing Handbookを読んだ
zakiyama
28
5.5k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
100
18k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
Into the Great Unknown - MozCon
thekraken
35
1.6k
Building Flexible Design Systems
yeseniaperezcruz
328
38k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
10
1.3k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
Fashionably flexible responsive web design (full day workshop)
malarkey
406
66k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
133
33k
Done Done
chrislema
182
16k
The Cult of Friendly URLs
andyhume
78
6.2k
Transcript
HOW TO GET STARTED IN BUG BOUNTY BY: TUSHAR VERMA
WHOAMI Bug Bounty Hunter Synack Red Team Member Infosec Trainer
AGENDA • Learning path for Bug Bounty • Bug Bounty
Platforms • Report Writing/Bug Submission
WHAT IS BUG BOUNTY? Bug Bounty is a deal offered
by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
BASIC TECHNICAL THINGS TO GET STARTED INTERNET, HTTP, TCP/IP LINUX
AND BASH SCRIPTING LEARNING BASICS OF HTML, PHP, JAVASCRIPT
CHOOSING YOUR INITIAL PATH Web application Security Testing Mobile Application
Security Testing
FOR WEB APPLICATION PENETRATION TESTING Web Application Hacker’s Handbook Web
Hacking 101 PortSwigger Academy Pentesterlab BugBountyHunter
FOR MOBILE APPLICATION PENETRATION TESTING OWASP Mobile Testing Guide Mobile
application hacker’s handbook Mobile Security Wiki by Aditya Agrawal DIVA (Damn insecure and vulnerable App) Android & iOS
BUG BOUNTY PLATFORM: • Bugcrowd • Hackerone • Hackenproof •
Intigriti • YesWeHack • Inspectiv • Synack • Cobalt
WHICH CHECKLIST TO FOLLOW??? OWASP Web Application Security Testing Checklist
Bugcrowd Vulnerability Rating Taxonomy
REPORT WRITING
• Vulnerability Name: • Technical Severity: • Vulnerable URLs: •
Vulnerability Description: • Steps to Reproduce: • Impact: • Suggested Countermeasures:
GET IN TOUCH AT • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
THANK YOU