
Getting Started with bugbounty Today

kyo_ago

July 23, 2018

Transcript

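 1. Getting started with bugbounty today

 2. Contents
    • What is bugbounty
    • Benefits of bugbounty
    • Cautions about bugbounty
    • How to start bugbounty
    • Operating bugbounty
    • FAQ
    • If there is time

 3. What is bugbounty

 4. What is bugbounty
    • The so-called "reward program for vulnerability reports"
    • Accept vulnerability information and pay money for that information

 5. What is bugbounty
    • Quite common overseas (Microsoft, Google, Facebook, Mozilla, Uber, Apple, Adobe, and most other companies you can think of. Amazon may not be doing it?)
    • In Japan, Cybozu, LINE, pixiv, Zaim, ChatWork and others run programs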

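 6. Benefits of bugbounty

 7. Benefits of bugbounty
    • The service side stays in control
      Cost, duration and scope can all be controlled by the service side
    • Cost: anywhere from 0 to unlimited
    • Duration: from now for as long as you like
    • Scope: from a single feature to the entire service
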
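 8. Cautions about bugbounty

 9. Cautions about bugbounty
    • It is not a substitute for whitelist-style checks
      It is strictly a complement. That said, as a complement it is a very good fit
    • (I think it is generally not accepted as "verification by a third-party organization")
    • Pre-release verification in a non-public state is not possible
      You can publish something for advance verification, but you cannot keep it completely private
    • Error logs increase massively
      If possible, it is better to prepare a dedicated environment
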
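 10. How to start bugbounty

 11. How to start bugbounty
    • Internal coordination
    • First, roughly sweep for the seriously bad spots and fix them

 12. How to start bugbounty
    • Create a form for receiving vulnerability reports
      This is to build the internal process first
    • Join a platform
      hackerone, bugbounty.jp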

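 13. Operating bugbounty

 14. Operating bugbounty
    • Tracking what has been reported
      Even if you join a platform, it cannot track the fixing of the reported vulnerabilities.
      It cannot be managed in a way that is linked to the internal BTS.
      Either push through manually, or some kind of mechanism is needed

 15. Operating bugbounty
    • How far should the operations members cover?
      The scope of information sharing
      The balance of priority between feature development and vulnerability fixes
    • (On this point, every company I ask seems to have its own approach, so there seems to be know-how involved)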

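 16. FAQ

 17. How much does it cost?

 18. You can start for free. You can raise the amounts in stages. How much each company spends can be estimated from public information

 19. I don't really understand vulnerabilities...

 20. It is not impossible without the knowledge. bugbounty.jp has a triage option

 21. How many reports will come in?

 22. It depends on the reward amount and the service. If there are too many reports, stopping is also an option. Looking at each company's public information gives a rough idea

 23. If it is free, won't reports fail to come in?

 24. At present, especially within Japan, quite a few come in even when it is free. There seem to be people testing their skills and people who are after points (my impression is that there are not enough services for the number of bug hunters. That said, from an ecosystem standpoint it is of course better to pay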

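 25. What should you watch out for in operation?

 26. Think about "is it vulnerable for this service?" rather than "is it vulnerable in general?" That said, fixing things as you operate is also an option

 27. What must you not do?

 28. Also take into account attacks and damage that arrive via vulnerability reports. If you judge that something is not a vulnerability, wait for the other party's reply before fixing

 29. Isn't the coverage lower than with third-party verification?

 30. Functional coverage is certainly lower, but coverage over time is high

 31. Won't drawing attention this way get you attacked?

 32. You are being attacked even without it. Think of it as providing a point where communication is possible

 33. What is difficult to decide?

 34. How much to set the amounts at is a point you will agonize over. That said, in the end it depends on "how much should it be for this service?", so each service can decide for itself while using typical amounts as a reference

 35. What is difficult in operation?

 36. Balancing low-threat vulnerabilities against ordinary development tasks is difficult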

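 37. If there is time

 38. At our company, we position bugbounty as something like chaos engineering

 39. Developers basically handle bugbounty Issues directly

 40. By continually receiving controlled vulnerability reports, we keep improving our skill at handling vulnerability reports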

 41. Let’s bugbounty!