Bug Bounty Secrets
null Trivandrum Chapter - July 2013 Meet

Published in Education, Technology, Business
Transcript

  • 1. Bug Bounty Secrets
  • 2. Hari Krishnan R, Security Researcher and new to ppt :P
  • 3. Basic steps: Select the target; Gather information; Find a bug and report it; And get fame and cash
  • 4. About Bug Bounty: Paying rewards to independent security researchers for finding vulnerabilities in their products. Major players: Google, Mozilla, Facebook, PayPal. And what do we get? Money and fame. And what does the company get? They get their application secured, and it is very cost effective for them, as they pay the independent researchers a minimal amount.
  • 5. What all do you need to start hunting for bounty? Know about the target: their products, acquired companies (which you can find by searching in Google), sub-domains, etc. Have a good understanding of the application you are testing. Know which companies have a bug bounty program; some of them are: AT&T, Barracuda, Chromium Project, Etsy, Facebook, Gallery, Google, Hex-Rays, Kaneva, LaunchKey, ManageWP, Mozilla, PayPal, Samsung, Yandex.
  • 6. What kind of bugs are in scope? XSS; XSRF / CSRF; SQL injection or equivalent; Remote code execution; Authentication bypass or information leak. Rewards for qualifying bugs can range from $100 to $20,000 or more. So far, Google has paid $828,000 to more than 250 individuals. Mozilla has paid $570,000+.
  • 7. Reference: Slides from Adam Mein at SANS AppSec 2011
  • 8. Reference: Slides from Adam Mein at SANS AppSec 2011
  • 9. Example 1: DOM-based XSS in Google Partners
  • 10. Example 2: XSS vulnerabilities in Google's Gmail mobile view, by Nils Juenemann
  • 11. Conclusion: Report the bugs to the company rather than selling them on the black market ;)