Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
How to get started in bug bounty
Search
Tushar Verma
June 18, 2021
Education
1
470
How to get started in bug bounty
Learning path for Bug Bounty
Bug Bounty Platforms
Report Writing/Bug Submission
Tushar Verma
June 18, 2021
Tweet
Share
More Decks by Tushar Verma
See All by Tushar Verma
The Power of Recon_ Leveraging Recon for Easy $$$$
e11i0t_4lders0n
0
160
AWS Cloud Forensics & Incident Response
e11i0t_4lders0n
1
650
Hacking OAuth Applications
e11i0t_4lders0n
1
2k
Exploiting SSRF like a Boss
e11i0t_4lders0n
2
1.1k
How to Fail at Bug Bounty Hunting
e11i0t_4lders0n
1
1.7k
The Bug Hunter’s Recon Methodology
e11i0t_4lders0n
2
760
METHODOLOGIES AND APPROACH TO START BUG BOUNTY HUNTING
e11i0t_4lders0n
0
560
Bypassing 2FA Misconfiguration
e11i0t_4lders0n
1
2.3k
Other Decks in Education
See All in Education
AI 時代軟體工程師的持續升級
mosky
1
2.1k
自己紹介 / who-am-i
yasulab
PRO
2
4.5k
Unraveling JavaScript Prototypes
debug_mode
0
140
複式簿記から純資産を排除する/eliminate_net_assets_from_double-entry_bookkeeping
florets1
0
310
The Prison Industrial Complex by Billy Dee
oripsolob
0
610
Use Cases and Course Review - Lecture 8 - Human-Computer Interaction (1023841ANR)
signer
PRO
0
870
Web Search and SEO - Lecture 10 - Web Technologies (1019888BNR)
signer
PRO
2
2.6k
Ch4_-_Cours_1.pdf
bernhardsvt
0
140
HyRead2425
cbtlibrary
0
120
生成AIと歩むこれからの大学
gmoriki
0
960
書を持って、自転車で町へ出よう
yuritaco
0
140
Ch2_-_Partie_3.pdf
bernhardsvt
0
130
Featured
See All Featured
The World Runs on Bad Software
bkeepers
PRO
67
11k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Designing on Purpose - Digital PM Summit 2013
jponch
117
7.1k
Cheating the UX When There Is Nothing More to Optimize - PixelPioneers
stephaniewalter
280
13k
Six Lessons from altMBA
skipperchong
27
3.6k
The Cult of Friendly URLs
andyhume
78
6.2k
Git: the NoSQL Database
bkeepers
PRO
427
64k
GraphQLの誤解/rethinking-graphql
sonatard
68
10k
GitHub's CSS Performance
jonrohan
1030
460k
"I'm Feeling Lucky" - Building Great Search Experiences for Today's Users (#IAC19)
danielanewman
226
22k
Thoughts on Productivity
jonyablonski
69
4.5k
Transcript
HOW TO GET STARTED IN BUG BOUNTY BY: TUSHAR VERMA
WHOAMI Bug Bounty Hunter Synack Red Team Member Infosec Trainer
AGENDA • Learning path for Bug Bounty • Bug Bounty
Platforms • Report Writing/Bug Submission
WHAT IS BUG BOUNTY? Bug Bounty is a deal offered
by many websites and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities.
BASIC TECHNICAL THINGS TO GET STARTED INTERNET, HTTP, TCP/IP LINUX
AND BASH SCRIPTING LEARNING BASICS OF HTML, PHP, JAVASCRIPT
CHOOSING YOUR INITIAL PATH Web application Security Testing Mobile Application
Security Testing
FOR WEB APPLICATION PENETRATION TESTING Web Application Hacker’s Handbook Web
Hacking 101 PortSwigger Academy Pentesterlab BugBountyHunter
FOR MOBILE APPLICATION PENETRATION TESTING OWASP Mobile Testing Guide Mobile
application hacker’s handbook Mobile Security Wiki by Aditya Agrawal DIVA (Damn insecure and vulnerable App) Android & iOS
BUG BOUNTY PLATFORM: • Bugcrowd • Hackerone • Hackenproof •
Intigriti • YesWeHack • Inspectiv • Synack • Cobalt
WHICH CHECKLIST TO FOLLOW??? OWASP Web Application Security Testing Checklist
Bugcrowd Vulnerability Rating Taxonomy
REPORT WRITING
• Vulnerability Name: • Technical Severity: • Vulnerable URLs: •
Vulnerability Description: • Steps to Reproduce: • Impact: • Suggested Countermeasures:
GET IN TOUCH AT • Twitter: @e11i0t_4lders0n • LinkedIn: /in/tushars25
• Instagram: @e11i0t_4lders0n__ • Email:
[email protected]
THANK YOU
e11i0t_4lders0n
mosky
yasulab
debug_mode
florets1
oripsolob
signer
bernhardsvt
cbtlibrary
gmoriki
yuritaco
bkeepers
lynnandtonic
destraynor
jponch
stephaniewalter
skipperchong
andyhume
sonatard
jonrohan
danielanewman
jonyablonski
