Testers, get into security bug bounties!
An introductory presentation for testers with the scope of motivating to try security bug bounties. It is less theoretical and focuses on practical tips. It is intended to be structured in a way that presents security bug hunting in a non-intimidating way (no super hacking skills needed necessarily, no certifications needed)

http://www.testalways.com/

Published in: Technology
Transcript

  • 1. Testers, get into security bug bounties! by Eusebiu Blindu, CzechTest 2013
  • 2. I am a tester, not a security expert
  • 3. http://www.utest.com/
  • 4.
      • potential cash
      • some reputation
      • experience
      • skill improvement
  • 5.
      • "It's hard and I never did security stuff before" (psychological)
      • "I don't have the skills" (technical)
      • "I don't have time, I have to do something else, I can't fit it in my schedule" (logistics)
  • 6.
      • you don't have to totally hack the site, exposing a major flaw, in order to be rewarded in security bug bounties
      • you don't have to know that "much" to get started sending bug reports
      • you don't need to be an expert in the field of security
  • 7.
      • Try to find small vulnerabilities
      • Try bug bounty programs that don't offer cash, only mentions
      • Try to read blogs containing reports of already rewarded bugs
  • 8.
      • A tester has the reflex of finding and sending general bug reports
      • Can send a bug report "without shame" and without fear of rejection
      • Has a lot of skills that can be focused on security
  • 9. Reasons:
      • it is usually rewarded by every bug bounty program
      • most feasible to look for (considering time spent, chances of finding and the reward value)
      • for testers it should be easy, because there is not too much new technical knowledge
  • 10. (for testers to understand) Simply put: "Make the website pop up a window with your desired message on the vulnerable domain by inserting an input" (but read more about it on the "internets"...)
  • 11. (... a tester might ask)
      • With an XSS you can attack other users (not the server)
      • It's one of the most common attacks
  • 12.
      1) Attacker sends an email with a link to the victim
      2) Victim clicks on the link
      3) Attacker steals the session cookie and has access to the victim's account
  • 13.
      • error pages
      • server banner pages
      • clickjacking
  • 14.
      • paid much more
      • harder to find
      • requires more "out of the box" thinking
      • needs a little bit of luck
      • can be found as a result of one or more low-level bug findings
  • 15.
      • https://www.site_to_be_tested.com/
      • https://www.site_to_be_tested.com/download?filename=D://www_content/reports/12_01_2010.csv
  • 16.
      • Main tool should be your brain
      • Scanners: Acunetix WVS, Burp Suite Pro, DirBuster, sqlmap
      • Visibility: Fiddler2
      • Flash: HP SWFScan
      • ... and Google Advanced Search
  • 17.
      • it will show you types of bugs on a website that you might not be familiar with
      • crawl a website
      • do certain activities faster than you
      • occasionally find small or medium bugs that are rewardable
  • 18.
      • think like a human
      • find major flaws
      • it will find lots of false positives (fake bugs)
      • guarantee a totally safe product
  • 19. Recommendation: You can use the tool in the beginning, after you have identified an area. Then try manually, with complex steps and deeper investigation.
  • 20. Battlefield: the bug bounty attack field. Small plan: know where you can search for bugs.
  • 21.
      • more chances to find bugs in newer bug bounty programs
      • more chances to find bugs in newly added functionalities
      • more chances to find bugs in products that are part of new acquisitions
  • 22.
      • you have to be faster than the competition, especially at the beginning of a new bug bounty program
      • you have to be more creative than the competition to find complex issues
  • 23.
      • you can learn from what others already reported before you
      • a little bit of healthy competition increases motivation
      • the application will seem easier to hack after you have seen someone else doing it
  • 24.
      • read the requirements and see what is rewardable
      • list all the rewardable domains
      • list all the rewardable subdomains (see if Android or iOS platforms are rewardable, etc.)
  • 25.
      • read the bug bounty requirements
      • read about the product (on the main website, for example)
      • read what was rewarded (social media, blogs, news articles)
      • domains similar to the known valid ones
      • whois records for domains belonging to the same company
      • decrypt data from the client app (Desktop, Android, iOS)
  • 26.
      • DNS record lookups
      • IPs similar (consecutive) to those of other valid subdomains
      • brute force possible subdomain names ("qa.domain.com", "db.domain.com")
      • Google search: "site:domain.com", "site:domain.com -site:www.domain.com"
      • data analysis (image files on the main site are listed on a different, unknown subdomain)
  • 27. Just send something!
  • 28.
      • tools (they help, but they're not the main thing)
      • learning about the business logic and complex functionality helps
      • similar bugs in another area could exist
      • the same techniques work differently for different people
  • 29.
      • hack the database by finding credentials using scanners and manually analyzing files
      • hack the database credentials by decompressing a Flash file
      • hack the database credentials by using an unfiltered download functionality
  • 30.
      • keep an open mind (avoid "I will use only Ubuntu")
      • overcome the fear of succeeding (subconscious fear of winning, fear of envious reprisals at the workplace)
      • see more ideas and approaches (social media)
      • avoid the "expert complex" (fear of trying "stupid" stuff)
  • 31.
      • social media can help you
      • your personal standards go higher, so you aim higher
  • 32.
      • there are not too many testers to promote it
      • the current format of bug bounties is new
      • it is seen as a separate domain
  • 33. Give security bug bounties a try. And... see if it works for you
  • 34. Thanks! Eusebiu Blindu, http://www.testalways.com, eusebiu.blindu@testalways.com, @testalways
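Slides 10 to 12 describe reflected XSS as "make the website pop up a window by inserting an input" and the attack chain that ends with a stolen session cookie. The following Python snippet is an added example and is not part of the presentation: it shows the sink a tester is looking for (user input reflected into HTML unchanged) next to the fixed version (output encoding with `html.escape`), plus the `Set-Cookie` attributes that keep a session token out of reach of page scripts so step 3 of the chain fails even when an XSS slips through. The search page, the session id and the sample query are all constructed for illustration.

```python
import html

# Constructed sample input: a search term carrying an inline script,
# the kind of "pop up a window" payload the deck describes.
SAMPLE_QUERY = '<script>alert("xss")</script>'


def render_search_vulnerable(query):
    """Reflects the query into the page unchanged: a reflected XSS sink."""
    return "<h1>Results for: %s</h1>" % query


def render_search_fixed(query):
    """Same page with the query HTML-encoded on output.

    The browser now renders the payload as visible text instead of
    executing it; this is the fix a report on this finding would ask for.
    """
    return "<h1>Results for: %s</h1>" % html.escape(query, quote=True)


def session_cookie_header(session_id):
    """Set-Cookie value for the session token (hypothetical cookie name).

    HttpOnly stops document.cookie from reading the token, so injected
    script cannot exfiltrate it; Secure keeps it off plain HTTP and
    SameSite=Lax limits what a cross-site link click can send.
    """
    return "session=%s; HttpOnly; Secure; SameSite=Lax; Path=/" % session_id


def contains_script_tag(page):
    """Cheap check used to compare the two renderings."""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_search_vulnerable(SAMPLE_QUERY))
    print(render_search_fixed(SAMPLE_QUERY))
    print(session_cookie_header("constructed-session-id"))
```

When reporting such a bug, the encoded rendering and the cookie attributes are the two concrete remediation points to mention: encode on output in the right context (HTML body here; attribute and JavaScript contexts need their own encoding), and mark session cookies `HttpOnly`.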
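Slide 13 lists error pages, server banners and clickjacking as the low-level findings a tester can start with. As an added example (not from the deck), this Python function audits one HTTP response for exactly those three signals: no `X-Frame-Options` and no CSP `frame-ancestors` directive (clickjacking), a version number in `Server` or `X-Powered-By` (banner disclosure), and an error response whose body contains stack-trace or database-warning markers. The two sample responses are constructed and do not come from any real site.

```python
import re

# Constructed sample responses: one typical of a weak deployment, one hardened.
SAMPLE_RESPONSES = {
    "weak": {
        "status": 500,
        "headers": {
            "Server": "Apache/2.2.15 (Unix) PHP/5.3.3",
            "X-Powered-By": "PHP/5.3.3",
            "Content-Type": "text/html",
        },
        "body": "<html><body>Warning: mysql_connect(): Access denied "
                "in /var/www/html/db.php on line 12</body></html>",
    },
    "hardened": {
        "status": 500,
        "headers": {
            "Server": "Apache",
            "Content-Type": "text/html",
            "X-Frame-Options": "DENY",
            "Content-Security-Policy": "frame-ancestors 'none'",
        },
        "body": "<html><body>Something went wrong. Reference: 4f2a</body></html>",
    },
}

VERSION_PATTERN = re.compile(r"\d+\.\d+")
# Substrings that usually indicate an unhandled error leaking internals.
STACK_TRACE_MARKERS = (
    "traceback", "exception", " on line ", "at java.", "stack trace",
    "warning:", "sql syntax",
)


def audit_response(status, headers, body):
    """Return a list of findings (strings) for the three slide-13 issue types."""
    findings = []
    lower = {k.lower(): v for k, v in headers.items()}

    # Clickjacking: nothing restricts which origins may frame this page.
    csp = lower.get("content-security-policy", "").lower()
    if "x-frame-options" not in lower and "frame-ancestors" not in csp:
        findings.append("clickjacking: no X-Frame-Options or CSP frame-ancestors")

    # Server banner: a version string in Server or X-Powered-By.
    for name in ("server", "x-powered-by"):
        value = lower.get(name, "")
        if VERSION_PATTERN.search(value):
            findings.append("banner: %s header discloses version (%s)" % (name, value))

    # Verbose error page: 5xx body that reads like a stack trace or DB warning.
    if status >= 500:
        text = body.lower()
        if any(marker in text for marker in STACK_TRACE_MARKERS):
            findings.append("error page: %d response leaks internal details" % status)

    return findings


if __name__ == "__main__":
    for label, response in SAMPLE_RESPONSES.items():
        print(label, audit_response(**response))
```

The same checks, run over every response a proxy such as Fiddler or Burp captured, give a first list of candidates; each one still needs a manual look, because a missing framing header only matters on pages where an action can be tricked, and an error page is only a finding when it reveals something the owner did not intend to expose.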
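Slide 15 shows a download endpoint that takes a full drive path in `filename=`, which is the shape of an arbitrary file read. As an added example that is not part of the presentation, the Python function below is the server-side check such an endpoint is missing: it normalises the requested name, rejects absolute paths and drive letters, and only accepts a result that still sits inside a fixed storage directory. The base directory and the file names are constructed for illustration.

```python
import posixpath
import re

# Assumed storage root for downloadable reports (constructed for the example).
BASE_DIR = "/srv/app/reports"

DRIVE_LETTER = re.compile(r"^[A-Za-z]:")


def safe_download_path(base_dir, requested):
    """Resolve `requested` under base_dir, or return None if it would escape.

    Backslashes are folded to slashes first so that Windows-style separators
    cannot be used to bypass the checks on a server that accepts both.
    """
    if not requested or "\x00" in requested:
        return None
    candidate = requested.replace("\\", "/")
    # A relative report name never starts with "/" or a drive letter such as "D:".
    if candidate.startswith("/") or DRIVE_LETTER.match(candidate):
        return None
    joined = posixpath.normpath(posixpath.join(base_dir, candidate))
    # After normalisation the path must still be strictly below base_dir;
    # this catches "../" sequences that point above the storage root.
    if not joined.startswith(base_dir.rstrip("/") + "/"):
        return None
    return joined


def download_allowed(requested):
    """Convenience wrapper using the assumed BASE_DIR."""
    return safe_download_path(BASE_DIR, requested) is not None


if __name__ == "__main__":
    for name in ("12_01_2010.csv",
                 "../../etc/passwd",
                 "D://www_content/reports/12_01_2010.csv",
                 "sub/../12_01_2010.csv"):
        print(repr(name), "->", safe_download_path(BASE_DIR, name))
```

A stronger fix than path validation is to stop taking file names from the client at all and look the file up by an opaque id in a server-side table; the validation above is the minimum a report on this class of bug should recommend when that redesign is not an option.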
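Slides 24 to 26 are about listing the rewardable domains and subdomains first, then collecting candidate hosts from DNS records, search results and other sources. Whatever the collection method, every candidate has to be checked against the program's published scope before it is touched, and exclusions must win over wildcard inclusions. The Python code below is an added example, not from the deck: a small scope matcher with a constructed scope based on reserved example domains, applied to a constructed list of hosts.

```python
# Constructed program scope (not any real program's policy). "*.x" entries
# match any subdomain of x but not x itself; exclusions take precedence.
PROGRAM_SCOPE = {
    "in_scope": ["www.example.com", "*.api.example.com", "*.example.net"],
    "out_of_scope": ["legacy.api.example.com", "*.staging.example.net"],
}

# Constructed recon output: the kind of list DNS lookups or a site: search yields.
CANDIDATE_HOSTS = [
    "www.example.com",
    "example.com",
    "qa.api.example.com",
    "legacy.api.example.com",
    "db.staging.example.net",
    "reports.example.net",
    "evilexample.net",
    "WWW.EXAMPLE.COM.",
]


def _matches(host, pattern):
    """Case-insensitive match of a host against one scope entry."""
    host = host.lower().rstrip(".")          # "www.example.com." == "www.example.com"
    pattern = pattern.lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])    # "*.example.net" -> suffix ".example.net"
    return host == pattern


def in_scope(host, scope=PROGRAM_SCOPE):
    """True only if host matches an in-scope entry and no out-of-scope entry."""
    if any(_matches(host, p) for p in scope["out_of_scope"]):
        return False
    return any(_matches(host, p) for p in scope["in_scope"])


def filter_candidates(hosts, scope=PROGRAM_SCOPE):
    """Split recon candidates into (rewardable, not rewardable), deduplicated."""
    normalised = {h.lower().rstrip(".") for h in hosts}
    keep = sorted(h for h in normalised if in_scope(h, scope))
    drop = sorted(h for h in normalised if not in_scope(h, scope))
    return keep, drop


if __name__ == "__main__":
    keep, drop = filter_candidates(CANDIDATE_HOSTS)
    print("rewardable:", keep)
    print("not rewardable:", drop)
```

The suffix test deliberately requires the dot, so a look-alike domain that merely ends in the same letters is not matched, and the trailing-dot and case normalisation means hosts copied from DNS tools compare equal to the names in the program's policy.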