Slide 1

Continuous Security
Adam Surak, SRE & Security Engineer
[email protected] @AdamSurak
Build Unique Search Experiences

Slide 2

[Diagram: five boxes labelled Core, Core, Core, Core and Security]

Slide 3

[Diagram: six boxes, all labelled Core]

Slide 4

Penetration testing
- Quality varies
- Very detailed and understandable outcomes
- Higher price*
- One shot: the result is outdated within a few hours

Slide 5

Responsible disclosure
[email protected]
“Give me money!”
“Give me money or I will not tell you what I’ve found!”
How do you send money to India, Pakistan, … ?

Slide 6

Public Bug Bounty Program
HackerOne, Bugcrowd, …
- All the reports in one place
- Protects both reporter and site owner
- Clean accounting
- Can be swag-only (no cash bounties)

Slide 7

1 year with HackerOne

Slide 8

1 year with HackerOne
[Chart: 12.2%, 42.2%, 23.2%, 22.4%; segment labels not captured]

Slide 9

All-time vs last 6 months
[Chart: All-time: 12.2%, 42.2%, 23.2%, 22.4%. Last 6 months: 18.2%, 22.9%, 13.5%, 45.3%. Segment labels not captured]

Slide 10

1 year with HackerOne

Slide 11

All-time vs last 6 months

                  All-time   Last 6 months
Response time     2 days     1 day
Resolution time   21 days    11 days
Bounties          $10,125    $4,000

Slide 12

Learnings
- Pentesters think differently
- The beginning is hard
- Have patience with communication
- You can’t do it on a best-effort basis
- There will be noise
- No matter what, they will use automatic scanners

Slide 13

We are hiring in Paris and SF
QUESTIONS?
Build Unique Search Experiences
[email protected] @AdamSurak