Slide 1

HOW TO GET STARTED IN BUG BOUNTY
BY: TUSHAR VERMA

Slide 2

WHOAMI
• Bug Bounty Hunter
• Synack Red Team Member
• Infosec Trainer

Slide 3

AGENDA
• Learning path for Bug Bounty
• Bug Bounty Platforms
• Report Writing/Bug Submission

Slide 4

WHAT IS BUG BOUNTY?
Bug Bounty is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

Slide 5

BASIC TECHNICAL THINGS TO GET STARTED
• INTERNET, HTTP, TCP/IP
• LINUX AND BASH SCRIPTING
• LEARNING BASICS OF HTML, PHP, JAVASCRIPT

Slide 6

CHOOSING YOUR INITIAL PATH
• Web Application Security Testing
• Mobile Application Security Testing

Slide 7

FOR WEB APPLICATION PENETRATION TESTING
• Web Application Hacker’s Handbook
• Web Hacking 101
• PortSwigger Academy
• Pentesterlab
• BugBountyHunter

Slide 8

FOR MOBILE APPLICATION PENETRATION TESTING
• OWASP Mobile Testing Guide
• Mobile application hacker’s handbook
• Mobile Security Wiki by Aditya Agrawal
• DIVA (Damn insecure and vulnerable App)
Android & iOS

Slide 9

BUG BOUNTY PLATFORM:
• Bugcrowd
• Hackerone
• Hackenproof
• Intigriti
• YesWeHack
• Inspectiv
• Synack
• Cobalt

Slide 10

WHICH CHECKLIST TO FOLLOW???
• OWASP Web Application Security Testing Checklist
• Bugcrowd Vulnerability Rating Taxonomy

Slide 11

REPORT WRITING

Slide 12

• Vulnerability Name:
• Technical Severity:
• Vulnerable URLs:
• Vulnerability Description:
• Steps to Reproduce:
• Impact:
• Suggested Countermeasures:

Slide 13

GET IN TOUCH AT
• Twitter: @e11i0t_4lders0n
• LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__
• Email: tushar.infosec@gmail.com

Slide 14

THANK YOU