
LINE Security Bug Bounty Program


Keitaro Yamazaki (tyage)
LINE Application Security Team Engineer
https://linedevday.linecorp.com/jp/2019/sessions/S1-18

LINE DevDay 2019

November 20, 2019


Transcript

  1. 2019 DevDay LINE Security Bug Bounty

    > Keitaro Yamazaki (tyage)
    > LINE Application Security Team Engineer
  2. Keitaro Yamazaki (@tyage)

    > Security Engineer
    > LINE Security Bug Bounty Program Staff
    > Security Center / Application Security Team
  3. LINE Security Bug Bounty Program: History

    > 2015: Limited-time Launch
    > 2016: Full-time Launch
    > 2017: $76,500 USD in Bounties
    > 2018: $104,500 USD in Bounties
    > 2019 Oct: $100,000+ USD in Bounties
    > 2020: More?
  4. LINE Security Bug Bounty Program: Goal of our Program

    > Provide reward in exchange for bugs
    > Improve LINE services and company security
    > Launched in 2016
  5. LINE Security Bug Bounty Program: Statistics in 2019 (~ 2019/10)

    > Hackers: 30+
    > Bounty: $100,000+
    > Reports: 250+
  6. Improper RegExp

    > Checks if event source origin is ticket.line.me
    > In regexp, dot means any character → ticketZline.me will pass
  7. Rules and Guideline: Bug Bounty Program Guide

    > We provide a guideline for our program: https://github.com/line/bugbounty
    > The purpose of the Bug Bounty Program is to protect users
    > Do not steal other users' credentials! (We recommend using your own account, or a friend's account after you have their permission, to find/validate a bug)
  8. Moved to HackerOne since 11/15: https://hackerone.com/line

    > Famous Bug Bounty Platform
    > For Hackers:
      • Easy to publish bugs
      • Get reputation points by reporting bugs
    > For Staff:
      • Support from HackerOne staff
      • More transparency
  9. Received Reports via HackerOne: Statistics in 2019 (~ 2019/10)

    > Hackers: 22+
    > Bounty: $30,000+
    > Reports: 80+
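
The origin check from slide 6, as an added example that is not code from the talk or from LINE: it puts an origin pattern with unescaped dots beside an exact-match allowlist. The regular expression, function names and sample origins are assumptions constructed for illustration; only `ticket.line.me` and `ticketZline.me` come from the slide.

```javascript
// Assumed reconstruction of the flawed check: the dots are not escaped,
// so each one matches ANY single character, not just a literal ".".
const WEAK_ORIGIN = /^https:\/\/ticket.line.me$/;

function isTrustedWeak(origin) {
  return WEAK_ORIGIN.test(origin);
}

// Hardened form: exact string comparison against an allowlist.
// There is no pattern syntax left to get wrong.
const ALLOWED_ORIGINS = new Set(["https://ticket.line.me"]);

function isTrustedStrict(origin) {
  return typeof origin === "string" && ALLOWED_ORIGINS.has(origin);
}

// Wraps a message handler the way a page would register it with
// window.addEventListener("message", handler). Returns true only when
// the message was accepted and passed on.
function makeHandler(isTrusted, onMessage) {
  return function (event) {
    if (!isTrusted(event.origin)) return false; // drop untrusted senders
    onMessage(event.data);
    return true;
  };
}

// Constructed sample origins (not taken from any real report).
const SAMPLES = [
  "https://ticket.line.me",          // the intended sender
  "https://ticketZline.me",          // lookalike from the slide
  "https://ticket.line.me.example",  // suffix trick, stopped by the $ anchor
  "http://ticket.line.me",           // wrong scheme
];

// Runs both checks over every sample so the difference is visible.
function compare() {
  return SAMPLES.map((origin) => ({
    origin,
    weak: isTrustedWeak(origin),
    strict: isTrustedStrict(origin),
  }));
}

console.table(compare());
```

The only row where the two checks disagree is the lookalike domain, which is exactly the case the slide describes.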