Bug Bounty
Pawn to Earn

Vinod Tiwari
@war_crack
Agenda
• Introduction
• Why #BBPs?
• Who are they?
• Prerequisites
• Develop your own approach
• Tools
• Avoid Duplicates
• Finding new #BBPs
Introduction
• Rewards (not always) & credits for finding loopholes
• Bugs in applications, networks, products etc.
• Disclosure should be responsible
Why #BBPs?
• Saves money: the job gets done by researchers worldwide
• Different kinds of bugs that the owner never thought of
• Work directly with researchers
• It all started with Netscape in 1995
Who are they?
• Google
• Facebook
• Mozilla
• ATT
• Barracuda
• List at
– https://bugcrowd.com/list-of-bug-bountyprograms
Prerequisites
• You should read these:
– OWASP Testing Guide V3
– The Web Application Hacker's Handbook
– RFC 2616 - HTTP/1.1

• Get hands-on practice with a few simulators, e.g.
– Mutillidae
– DVWA
– etc.
Approach
• Develop your own
• Understand the scope
• Gather information about the domain, services, CMS & structure
• Understand the logic
• Avoid relying on automated tools
• Have a standard template for reporting
Tools Required
• Proxy: Burp Suite, Fiddler etc.
• Browser extensions & add-ons (Firefox)
– Live HTTP Headers
– Firebug / Web Developer tool
– ClickJacking Defense
– Wappalyzer
– User Agent Switcher
– Many more
Common Security Flaws
[Pie chart: share of reported vulnerabilities by class. Slices: Injection, Session flaws, XSS, IDOR, Security Misconfiguration, Sensitive Data Exposure, CSRF, Other. The percentage labels (between 7% and 19% each) cannot be matched to individual slices in the extracted text.]
Avoid Duplicates
• Try on subdomains
• Standard templates for common bugs can save time
• Try business logic flaws
– https://www.owasp.org/index.php/Testing_for_business_logic_(OWASP-BL-001)
Submission Format
• Vulnerability Name:
• Description:
• Impact:
• Vulnerable Link/Product:
• Environment tested on:
• POC (Screenshots, Video):
• References, if any
Finding New #BBPs
• Google search can help
• Approach companies directly
• FUD will always help
Questions?

• Thanks!

Twitter: @war_crack
email: nikivin.vinod@gmail.com