Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to get started in bug bounty
Search
Tushar Verma
June 18, 2021
Education
1
470
How to get started in bug bounty
Learning path for Bug Bounty
Bug Bounty Platforms
Report Writing/Bug Submission
Tushar Verma
June 18, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
150
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
640
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
760
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
550
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.2k
Other Decks in Education
See All in Education
2409_CompanyInfo_Hanji_published.pdf
yosukemurata
0
230
LINE ミニアプリ開発のメリットとキャッチアップ方法
junghyeonjae
0
630
AWS All Certが伝える 新AWS認定試験取得のコツ (Machine Learning Engineer - Associate)
nnydtmg
1
510
Kindleストアで本を探すことの善悪 #Izumo Developers' Guild 第1回 LT大会
totodo713
0
120
寺沢拓敬 2024. 09. 「言語政策研究と教育政策研究の狭間で英語教育政策を考える」
terasawat
0
200
Gemini in Android Studio 使ってますか?
satoryo56
0
420
"数学" をプログラミングしてもらう際に気をつけていること / Key Considerations When Programming "Mathematics"
guvalif
0
540
XML and Related Technologies - Lecture 7 - Web Technologies (1019888BNR)
signer
PRO
0
2.5k
プロダクト・エンジニア・QAE 3軸でのナレッジシェアのススメ
hinac0
1
800
ACT FAST 20240830
japanstrokeassociation
0
250
東工大 traP Kaggle班 機械学習講習会 2024
abap34
1
280
Master of Applied Science & Engineering: Computer Science & Master of Science in Applied Informatics
signer
PRO
0
420
Featured
See All Featured
Typedesign – Prime Four
hannesfritz
39
2.4k
Mobile First: as difficult as doing things right
swwweet
222
8.9k
Code Reviewing Like a Champion
maltzj
519
39k
Git: the NoSQL Database
bkeepers
PRO
425
64k
No one is an island. Learnings from fostering a developers community.
thoeni
19
3k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.8k
Docker and Python
trallard
40
3.1k
The Power of CSS Pseudo Elements
geoffreycrofte
72
5.3k
4 Signs Your Business is Dying
shpigford
180
21k
[RailsConf 2023] Rails as a piece of cake
palkan
51
4.9k
Adopting Sorbet at Scale
ufuk
73
9k
Designing on Purpose - Digital PM Summit 2013
jponch
115
6.9k
Transcript
HOW TO GET STARTED IN BUG BOUNTY BY: TUSHAR VERMA
WHOAMI Bug Bounty Hunter Synack Red Team Member Infosec Trainer
AGENDA • Learning path for Bug Bounty • Bug Bounty
Platforms • Report Writing/Bug Submission
WHAT IS BUG BOUNTY? Bug Bounty is a deal offered
by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
BASIC TECHNICAL THINGS TO GET STARTED INTERNET, HTTP, TCP/IP LINUX
AND BASH SCRIPTING LEARNING BASICS OF HTML, PHP, JAVASCRIPT
CHOOSING YOUR INITIAL PATH Web application Security Testing Mobile Application
Security Testing
FOR WEB APPLICATION PENETRATION TESTING Web Application Hacker’s Handbook Web
Hacking 101 PortSwigger Academy Pentesterlab BugBountyHunter
FOR MOBILE APPLICATION PENETRATION TESTING OWASP Mobile Testing Guide Mobile
application hacker’s handbook Mobile Security Wiki by Aditya Agrawal DIVA (Damn insecure and vulnerable App) Android & iOS
BUG BOUNTY PLATFORM: • Bugcrowd • Hackerone • Hackenproof •
Intigriti • YesWeHack • Inspectiv • Synack • Cobalt
WHICH CHECKLIST TO FOLLOW??? OWASP Web Application Security Testing Checklist
Bugcrowd Vulnerability Rating Taxonomy
REPORT WRITING
• Vulnerability Name: • Technical Severity: • Vulnerable URLs: •
Vulnerability Description: • Steps to Reproduce: • Impact: • Suggested Countermeasures:
GET IN TOUCH AT • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
THANK YOU