Bug Bounty: Do and Don’t
Raden Ardiansyah Natakusumah
August 30, 2019
Transcript
Bug Bounty: Do and Don’t @r_u_l_l_y For Educational Purpose Only
https://about.me/r_u_l_l_y
Bug bounty
February 2019
Bug report
Bounty hunters
Previous reports
Duplicate
They report
E-mail
Private chat
Customer care
The form
Text
Screenshots
Docx
PDF
Video
From all of that
One
Sample cases
6 minutes later
Proper report
Description
Impact
Recommendation
Severity
OWASP Risk Rating
CVSS v3.1
Proof of Concept
Bug bounty program?
Want to report?
[email protected]
Thank you