Slide 1

Slide 1 text

01 HOW TO GET STARTED INTO BUG BOUNTIES

Starting our Journey

AKASH RAJENDRA PATIL

Slide 2

Slide 2 text

02 Who am I?

AKASH PATIL

- Hackerone, Bugcrowd & YesWeHack and VDPs: Ethical Hacker / Bug Bounty Hunter
- Qseap Infotech Pvt Ltd: Information Security Consultant
- Professional Keyboard Player
- Graphic Designer

Slide 3

Slide 3 text

03 BUG BOUNTY: Table of Contents

- Introduction
- What is bug bounty?
- Roadmap to start bug bounty
- How to start
- Burpsuite / ZAP
- OWASP TOP 10 - 2021
- Live Demonstration
- Resources
- QnA

Slide 4

Slide 4 text

04 What is Bug Bounty?

- A reward offered to a person who identifies an error or vulnerability in a computer program or system.
- Identification and reporting of bugs and vulnerabilities in a responsible way.

Slide 5

Slide 5 text

05 Bug Bounty Roadmap: ROADMAP TO START BUG BOUNTY

What to study?

- Internet, HTTP, TCP/IP
- Networking
- Command-line
- Linux
- Web technologies
- At least 1 programming language (Python/C/Java/Ruby...)
- OWASP Top 10

Slide 6

Slide 6 text

06 Types of Bug Bounty programs:

- Certificate of Appreciation
- Hall of Fame
- Swags
- Hall of Fame with Bounty
- Bounty

Slide 7

Slide 7 text

07 BUG BOUNTY PLATFORM / INVITATION BASED PLATFORMS / GOOGLE DORKS (VDP)

Platforms:

- Hackerone
- YesWeHack
- Bugcrowd
- hackenproof
- Bugbountyjp
- Intigriti
- Inspectiv
- Open Bug Bounty
- bugbounter
- Synack
- Yogosha
- Detectify
- Cobalt Core
- Pentabug

Google dorks (VDP):

- inurl:security "reward"
- inurl:/responsible disclosure
- inurl:/responsible-disclosure/ reward
- inurl:/responsible-disclosure/ swag
- inurl:/responsible-disclosure/ bounty
- inurl:'/responsible disclosure' hoodie

Slide 8

Slide 8 text

08 Tools: BURPSUITE

Burp Suite is an integrated platform and graphical tool for performing security testing of web applications. It supports the entire testing process, from initial mapping and analysis of an application's attack surface through to finding and exploiting security vulnerabilities.

Slide 9

Slide 9 text

09 OWASP TOP 10 - 2021

The Open Web Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the field of web application security. The Open Web Application Security Project provides free and open resources.

Slide 10

Slide 10 text

10 Applying Your knowledge

Slide 11

Slide 11 text

11 Practice makes a man perfect...!!

- Portswigger
- owaspbwa
- Pentesterlab
- Hackerone CTF
- TryHackme
- Medium
- PentesterLand
- BugReader

Slide 12

Slide 12 text

12

Slide 13

Slide 13 text

13

Slide 14

Slide 14 text

14 1. Parameter Tampering

Slide 15

Slide 15 text

15 2. Login Bypass

Slide 16

Slide 16 text

16 3. Rate Limit

Slide 17

Slide 17 text

17 Resources RESOURCES FOR BUG HUNTING

Slide 18

Slide 18 text

18 QnA

Slide 19

Slide 19 text

19 Internship Opportunity

Slide 20

Slide 20 text

20 Thank You

Feel free to contact if you have any queries

- skypatil98
- [email protected]
- https://www.linkedin.com/ n/akashpatil98/
- www.akashpatil.me