Transcript
Page 1: How to run a kick ass bug bounty program - Node Summit 2013

How to run a kick-ass bug bounty program

Casey Ellis – CEO
Chris Raethke – CTO

Bugcrowd Inc

Page 2
Page 3

AGILE SCRUM

PAIRING TDD

CI

BEST PRACTICE...

Page 4

all apps have security bugs

...REALITY

Page 5
Page 6

Current Approach

Page 7

Bad Guys Good Guys

...help!

ARRRGGGH!

Page 8

A Better Approach

Page 9

Bad Guys Moar’ Good Guys

...arrrrrgh?

Page 10

What is a bug bounty program?

Page 11

Bug bounties are awesome…

Page 12

…but hard.

Page 13

The mistake *everyone* makes

DATA PEOPLE

Page 14

The Golden Rules

Page 15

Respect the researcher

Page 16

If you touch code, pay it.

Page 17

Manage expectations

Page 18

Normalize inputs

Page 19

Pay quickly

Page 20

Fix problems quickly

Page 21

Be open about duplicates

Page 22

Questions?

Casey Ellis – CEO
Chris Raethke – CTO

Bugcrowd Inc