How to get started in bug bounty
Tushar Verma
June 18, 2021
Learning path for Bug Bounty
Bug Bounty Platforms
Report Writing/Bug Submission
Transcript
HOW TO GET STARTED IN BUG BOUNTY
BY: TUSHAR VERMA

WHOAMI
• Bug Bounty Hunter
• Synack Red Team Member
• Infosec Trainer

AGENDA
• Learning path for Bug Bounty
• Bug Bounty Platforms
• Report Writing/Bug Submission

WHAT IS BUG BOUNTY?
Bug Bounty is a deal offered by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

BASIC TECHNICAL THINGS TO GET STARTED
• INTERNET, HTTP, TCP/IP
• LINUX AND BASH SCRIPTING
• LEARNING BASICS OF HTML, PHP, JAVASCRIPT

CHOOSING YOUR INITIAL PATH
• Web Application Security Testing
• Mobile Application Security Testing

FOR WEB APPLICATION PENETRATION TESTING
• Web Application Hacker’s Handbook
• Web Hacking 101
• PortSwigger Academy
• Pentesterlab
• BugBountyHunter

FOR MOBILE APPLICATION PENETRATION TESTING
• OWASP Mobile Testing Guide
• Mobile application hacker’s handbook
• Mobile Security Wiki by Aditya Agrawal
• DIVA (Damn insecure and vulnerable App) Android & iOS

BUG BOUNTY PLATFORM:
• Bugcrowd
• Hackerone
• Hackenproof
• Intigriti
• YesWeHack
• Inspectiv
• Synack
• Cobalt

WHICH CHECKLIST TO FOLLOW???
• OWASP Web Application Security Testing Checklist
• Bugcrowd Vulnerability Rating Taxonomy

REPORT WRITING
• Vulnerability Name:
• Technical Severity:
• Vulnerable URLs:
• Vulnerability Description:
• Steps to Reproduce:
• Impact:
• Suggested Countermeasures:

GET IN TOUCH AT
• Twitter: @e11i0t_4lders0n
• LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__
• Email: [email protected]

THANK YOU