Upgrade to PRO for Only $50/Year—Limited-Time Offer! 🔥

Bug Bounty: Do and Don’t

Avatar for Raden Ardiansyah Natakusumah Raden Ardiansyah Natakusumah
August 30, 2019
Technology
0
62

Bug Bounty: Do and Don’t

Avatar for Raden Ardiansyah Natakusumah

Raden Ardiansyah Natakusumah

August 30, 2019
Tweet

More Decks by Raden Ardiansyah Natakusumah

See All by Raden Ardiansyah Natakusumah
Security stories in online payment company
Avatar for Raden Ardiansyah Natakusumah rully
0
26
Protect your business with PCI DSS
Avatar for Raden Ardiansyah Natakusumah rully
0
42
Intrusion Prevention System based on Machine Learning
Avatar for Raden Ardiansyah Natakusumah rully
0
160
PCI DSS Security Awareness
Avatar for Raden Ardiansyah Natakusumah rully
0
160

Other Decks in Technology

See All in Technology
AWS Security Agentの紹介/introducing-aws-security-agent
Avatar for tomoki10 tomoki10
0
310
Lookerで実現するセキュアな外部データ提供
Avatar for ZOZO Developers zozotech
PRO
0
170
会社紹介資料 / Sansan Company Profile
Avatar for Sansan, Inc. sansan33
PRO
11
390k
Snowflakeでデータ基盤を もう一度作り直すなら / rebuilding-data-platform-with-snowflake
Avatar for pei0804 pei0804
6
1.6k
Fashion×AI「似合う」を届けるためのWEARのAI戦略
Avatar for ZOZO Developers zozotech
PRO
2
850
AlmaLinux + KVM + Cockpit で始めるお手軽仮想化基盤 ~ 開発環境などでの利用を想定して ~
Avatar for koedoyoshida koedoyoshida
0
110
生成AI時代におけるグローバル戦略思考
Avatar for Takaaki Yayoi taka_aki
0
200
MariaDB Connector/C のcaching_sha2_passwordプラグインの仕様について
Avatar for kubo ayumu boro1234
0
670
生成AI活用の型ハンズオン〜顧客課題起点で設計する7つのステップ
Avatar for Nakao Yushin yushin_n
0
240
日本Rubyの会: これまでとこれから
Avatar for Koji SHIMADA snoozer05
PRO
3
120
学習データって増やせばいいんですか?
Avatar for fumihiko takahashi ftakahashi
2
490
業務のトイルをバスターせよ 〜AI時代の生存戦略〜
Avatar for staka staka121
PRO
2
220

Featured

See All Featured
What’s in a name? Adding method to the madness
Avatar for Product Marketing Alliance productmarketing
PRO
24
3.8k
Faster Mobile Websites
Avatar for Dean Hume deanohume
310
31k
JavaScript: Past, Present, and Future - NDC Porto 2020
Avatar for David Neal reverentgeek
52
5.8k
How to Think Like a Performance Engineer
Avatar for Harry Roberts csswizardry
28
2.4k
[SF Ruby Conf 2025] Rails X
Avatar for Vladimir Dementyev palkan
0
540
Building an army of robots
Avatar for Kyle Neath kneath
306
46k
Optimising Largest Contentful Paint
Avatar for Harry Roberts csswizardry
37
3.5k
Docker and Python
Avatar for Tania Allard trallard
47
3.7k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
281
24k
Save Time (by Creating Custom Rails Generators)
Avatar for Garrett Dimon garrettdimon
PRO
32
1.8k
Build The Right Thing And Hit Your Dates
Avatar for Maggie C. maggiecrowley
38
3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
Avatar for Chris Coyier chriscoyier
508
140k

Transcript

  1. None

  2. Bug Bounty: Do and Don’t @r_u_l_l_y For Educational Purpose Only

  3. None

  4. https://about.me/r_u_l_l_y

  5. Bug bounty

  6. February 2019

  7. None
  8. None

  9. Bug report

  10. Bounty hunters

  11. None
  12. None

  13. Previous reports

  14. Duplicate

  15. They report

  16. E-mail

  17. Private chat

  18. Customer care

  19. The form

  20. Text

  21. Screenshots

  22. Docx

  23. PDF

  24. Video

  25. From all of that

  26. One

  27. None

  28. Sample cases

  29. None
  30. None

  31. 6 minutes later

  32. None
  33. None
  34. None
  35. None

  36. Proper report

  37. Description

  38. Impact

  39. Recommendation

  40. Severity

  41. OWASP Risk Rating

  42. CVSS v3.1

  43. Proof of Concept

  44. Bug bounty program?

  45. None

  46. Want to report?

  47. [email protected]

  48. Thank you