Upgrade to Pro — share decks privately, control downloads, hide ads and more …

War of money - Bug Bounty

Zubair Ansari
June 14, 2020
Technology
0
87

War of money - Bug Bounty

A virtual session on "War of money - Bug Bounty" organized by WeArePlaymouths

Zubair Ansari

June 14, 2020
Tweet

More Decks by Zubair Ansari

See All by Zubair Ansari
OWASP TOP 10
officialzubairansari
1
120
Cloud Study Jams - GCP (Google Cloud Platform
officialzubairansari
0
12
WordPress Security
officialzubairansari
0
21
Introduction to DSC - Developer Student Clubs
officialzubairansari
0
15

Other Decks in Technology

See All in Technology
障害対応をちょっとずつよくしていくための 演習の作りかた
heleeen
1
1.8k
実例で紹介するRAG導入時の知見と精度向上の勘所
yamahiro
7
2k
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
2
600
How to Lead? Testimonial of a Lead Android Engineer
oleur
1
120
家族アルバム みてねにおけるGrafana活用術 / Grafana Meetup Japan Vol.1 LT
isaoshimizu
1
1.1k
[新卒向け研修資料] テスト文字列に「うんこ」と入れるな(2024年版)
infiniteloop_inc
5
18k
IaCジェネレーターとBedrockで詳細設計書を生成してみた
tsukasa_ishimaru
4
920
IaCからAWSに入門した初心者が CloudFormationを通して考えた「AWS操作」の使い分け
maimyyym
2
530
uvを使ってストレスフリーな Python開発をしよう!
r74tech
0
230
非同期推論システムによるコスト削減と信頼性向上
koki_nishihara
1
380
Azureの基本的な権限管理の勉強会
yhana
1
2.2k
Cloud Service Mesh に触れ合う
phaya72
1
260

Featured

See All Featured
Debugging Ruby Performance
tmm1
70
11k
What's in a price? How to price your products and services
michaelherold
238
11k
Statistics for Hackers
jakevdp
790
220k
Side Projects
sachag
451
41k
For a Future-Friendly Web
brad_frost
172
9k
Web Components: a chance to create the future
zenorocha
306
41k
Large-scale JavaScript Application Architecture
addyosmani
504
110k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
21
1.9k
Scaling GitHub
holman
457
140k
Practical Orchestrator
shlominoach
183
9.7k
From Idea to $5000 a Month in 5 Months
shpigford
378
45k
Fontdeck: Realign not Redesign
paulrobertlloyd
76
4.9k

Transcript

  1. ./war of money Bug Bounty

  2. #WHOAMI • Zubair Ansari • Web Application Penetration Tester •

    Founder of Arcotics • DSC Lead @ Google Developers

  3. #AGENDA • W2 bug hunting? • How to do bug

    hunting? • Secret tips • Experiments • Q/A

  4. #W2 bug hunting? • Process of earning ❌ • Process

    of doing experiments ✔

  5. #W2 bug hunting? • Ethical deal between COMPANY AND RESEARCHER

  6. #W2 bug hunting? • How? Company invites security researchers /

    platforms to test their application Research / Pen test Vulnerability found Report to company IT / Security team validate and FIX the issue Valid issues are rewarded

  7. #W2 bug hunting? • What researchers get? Real time experiences

  8. #W2 bug hunting? • Reliability ❌

  9. #How to do bug hunting?

  10. All you have to pay is…… • Passion • Time

  11. #How to do bug hunting? • Decide the area of

    Pentesting Network Pentesting Web Application Pentesting Clients Side Pentesting Wireless Pentesting Social Engineering

  12. #How to do bug hunting? • Web Application Pentesting

  13. #What next?...

  14. #Bug bounty platforms • Researchers do their real time experiments

    • Companies make their business secure and safe

  15. #Secret tips…

  16. #Secret tips • Try to avoid preprogrammed scripts (Code your

    own tools) • Try write quality reports. *Step by step approach *Instructions that can resolve the issue. *Use professional language • Think about learning always (Instead of money) • Always look at the path less visited • Don’t cry over duplicates. • Do not stop reading & doing experiments.

  17. #Experiments

  18. None
  19. None