Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to get started in bug bounty
Search
Tushar Verma
June 18, 2021
Education
1
470
How to get started in bug bounty
Learning path for Bug Bounty
Bug Bounty Platforms
Report Writing/Bug Submission
Tushar Verma
June 18, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
150
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
640
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
760
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
550
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.2k
Other Decks in Education
See All in Education
Human Perception and Cognition - Lecture 4 - Human-Computer Interaction (1023841ANR)
signer
PRO
0
710
Amazon Connectを利用したCloudWatch Alarm電話通知
junghyeonjae
0
260
世界のオープンソースロボットたち #1
shiba_8ro
0
140
技術を楽しもう/enjoy_engineering
studio_graph
1
420
XML and Related Technologies - Lecture 7 - Web Technologies (1019888BNR)
signer
PRO
0
2.5k
オープンソース防災教育ARアプリの開発と地域防災での活用
nro2daisuke
0
170
"数学" をプログラミングしてもらう際に気をつけていること / Key Considerations When Programming "Mathematics"
guvalif
0
560
セキュリティ・キャンプ全国大会2024 S17 探査機自作ゼミ 事前学習・当日資料
sksat
3
850
コンセプトシェアハウス講演資料
uchinomasahiro
0
390
week15@tcue2024
nonxxxizm
0
570
Comment aborder et contribuer sereinement à un projet open source ? (Masterclass Université Toulouse III)
pylapp
0
3.2k
Padlet opetuksessa
matleenalaakso
4
12k
Featured
See All Featured
Into the Great Unknown - MozCon
thekraken
32
1.5k
Scaling GitHub
holman
458
140k
Bash Introduction
62gerente
608
210k
Speed Design
sergeychernyshev
25
620
Building Adaptive Systems
keathley
38
2.3k
Six Lessons from altMBA
skipperchong
27
3.5k
A better future with KSS
kneath
238
17k
Keith and Marios Guide to Fast Websites
keithpitt
409
22k
実際に使うSQLの書き方 徹底解説 / pgcon21j-tutorial
soudai
169
50k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.3k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k
Principles of Awesome APIs and How to Build Them.
keavy
126
17k
Transcript
HOW TO GET STARTED IN BUG BOUNTY BY: TUSHAR VERMA
WHOAMI Bug Bounty Hunter Synack Red Team Member Infosec Trainer
AGENDA • Learning path for Bug Bounty • Bug Bounty
Platforms • Report Writing/Bug Submission
WHAT IS BUG BOUNTY? Bug Bounty is a deal offered
by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
BASIC TECHNICAL THINGS TO GET STARTED INTERNET, HTTP, TCP/IP LINUX
AND BASH SCRIPTING LEARNING BASICS OF HTML, PHP, JAVASCRIPT
CHOOSING YOUR INITIAL PATH Web application Security Testing Mobile Application
Security Testing
FOR WEB APPLICATION PENETRATION TESTING Web Application Hacker’s Handbook Web
Hacking 101 PortSwigger Academy Pentesterlab BugBountyHunter
FOR MOBILE APPLICATION PENETRATION TESTING OWASP Mobile Testing Guide Mobile
application hacker’s handbook Mobile Security Wiki by Aditya Agrawal DIVA (Damn insecure and vulnerable App) Android & iOS
BUG BOUNTY PLATFORM: • Bugcrowd • Hackerone • Hackenproof •
Intigriti • YesWeHack • Inspectiv • Synack • Cobalt
WHICH CHECKLIST TO FOLLOW??? OWASP Web Application Security Testing Checklist
Bugcrowd Vulnerability Rating Taxonomy
REPORT WRITING
• Vulnerability Name: • Technical Severity: • Vulnerable URLs: •
Vulnerability Description: • Steps to Reproduce: • Impact: • Suggested Countermeasures:
GET IN TOUCH AT • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
THANK YOU