Slide 1

METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
By: Tushar Verma

Slide 2

WHOAMI
◦ Application Security Engineer
◦ Synack Red Team Member
◦ Bug Bounty Hunter

Slide 3

AGENDA
◦ What is Bug Bounty Hunting
◦ Bug Bounty Platform
◦ Scope Review and Target Selection
◦ Recon Methodologies
◦ Manual Testing Approach

Slide 4

WHAT IS BUG BOUNTY HUNTING

Slide 5

Bug Bounty Platform
◦ Bugcrowd
◦ HackerOne
◦ Intigriti
◦ YesWeHack
◦ HackenProof
◦ Cesppa
◦ Synack
◦ Private Programs

Slide 6

Scope Review and Target Selection
◦ Check the description and focus area
◦ Check what is in scope and out of scope for the target
◦ Check the average response time
◦ Check the payout and how many vulnerabilities have been reported

Slide 7

Recon Methodologies
◦ Small Scope Recon: specific sets of single URLs
◦ Medium Scope Recon: specific set of "*.target.com"
◦ Large Scope Recon: everything in scope

Slide 8

Automating Recon
◦ Project Bheem
◦ ReconFTW
◦ Osmedeus

Slide 9

MANUAL TESTING APPROACH

Slide 10

GET IN TOUCH AT
◦ Twitter: @e11i0t_4lders0n
◦ LinkedIn: /in/tushars25
◦ Instagram: @e11i0t_4lders0n__
◦ Email: tushar.infosec@gmail.com