How to get started in bug bounty

Transcript

1. HOW TO GET STARTED IN BUG BOUNTY BY: TUSHAR VERMA

2. WHOAMI Bug Bounty Hunter Synack Red Team Member Infosec Trainer

3. AGENDA • Learning path for Bug Bounty • Bug Bounty

   Platforms • Report Writing/Bug Submission

4. WHAT IS BUG BOUNTY? Bug Bounty is a deal offered

   by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.

5. BASIC TECHNICAL THINGS TO GET STARTED INTERNET, HTTP, TCP/IP LINUX

   AND BASH SCRIPTING LEARNING BASICS OF HTML, PHP, JAVASCRIPT

6. CHOOSING YOUR INITIAL PATH Web application Security Testing Mobile Application

   Security Testing

7. FOR WEB APPLICATION PENETRATION TESTING Web Application Hacker’s Handbook Web

   Hacking 101 PortSwigger Academy Pentesterlab BugBountyHunter

8. FOR MOBILE APPLICATION PENETRATION TESTING OWASP Mobile Testing Guide Mobile

   application hacker’s handbook Mobile Security Wiki by Aditya Agrawal DIVA (Damn insecure and vulnerable App) Android & iOS

9. BUG BOUNTY PLATFORM: • Bugcrowd • Hackerone • Hackenproof •

   Intigriti • YesWeHack • Inspectiv • Synack • Cobalt

10. WHICH CHECKLIST TO FOLLOW??? OWASP Web Application Security Testing Checklist

    Bugcrowd Vulnerability Rating Taxonomy

11. REPORT WRITING

12. • Vulnerability Name: • Technical Severity: • Vulnerable URLs: •

    Vulnerability Description: • Steps to Reproduce: • Impact: • Suggested Countermeasures:

13. GET IN TOUCH AT • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25

    • Instagram: @e11i0t_4lders0n__ • Email: [email protected]

14. THANK YOU