Bug Bounty - Hackers Job

Post on 12-Apr-2017

Arbin Godar (@arbingodar)

Arbin Godar #whoami

- Student @ Trinity International College
- Guy interested in web security
- A mediocre programmer, hobbyist etc.

Acknowledged by

etc….

What is Bug Bounty?

Paying a monetary reward to security researchers for certain qualifying security bugs.

A hacker finds a security bug and reports it to Example

Example's security team triages the bug

Example pays $$$ according to its impact

Why do companies run bug bounty programs?

- Fastest way to improve security publicly
- Safety
- Cost effective

Why bug hunting?

- To make money
- To have fun
- To build a strong portfolio
- To be challenged etc.

How to start bug hunting?

- Practice makes a man perfect
- Reading: books, proofs of concept
- Requires little programming knowledge
- Think logically

Popular bug bounty programs and platforms

- Facebook, Google, Twitter, Yahoo, PayPal etc.

- Platforms: HackerOne, Bugcrowd, Cobalt, Synack etc.

Submitting Bug Report

- Title
- Description of the bug
- Steps to reproduce the bug
- Impact
- Suggested fix

For Motivation

Thank You!

Arbin Godar (@arbingodar)
pentester.arbin@gmail.com
www.arbingodar.com