Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

My Bug Hunting With Open Source

1,497 views

Published on

This talk is going to talk about how I got 50 CVE's in a week. I used to play bug bounties and other security penetration testing challenges. After realization I started contributing to Open Source Community and found several critical bugs and got proper satisfaction for the work. Then I met like minded people and started bug hunter with Code Vigilant (http://codevigilant.com), Project for Securing Open Source Software.

Published in: Technology
  • If u need a hand in making your writing assignments - visit ⇒ www.HelpWriting.net ⇐ for more detailed information.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • I’ve personally never heard of companies who can produce a paper for you until word got around among my college groupmates. My professor asked me to write a research paper based on a field I have no idea about. My research skills are also very poor. So, I thought I’d give it a try. I chose a writer who matched my writing style and fulfilled every requirement I proposed. I turned my paper in and I actually got a good grade. I highly recommend ⇒ www.HelpWriting.net ⇐
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Good tips for application essay. However, proofreading your essay is an important activity to make your essay great! Check this site out. HelpWriting.net You write it, we right it!
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here

My Bug Hunting With Open Source

  1. 1. My Bug Hunting With Open Source Madhu Akula Information Security Enthusiastic
  2. 2. root@localhost:~# whoami in.linkedin.com/in/madhuakula fb.com/madhu.akula twitter.com/madhuakula ● Network Security Consultant @Payatu ● Chapter lead at null ● Cr3w Member at Nullcon ● Contributor @ Codevigilant ● Bug Huner & Opensource Contributor ● Never ending Learner !
  3. 3. Agenda My journey so far in the world of bug finding This is all about how I have done and how you can also do
  4. 4. History Started hunting for bugs on several bug bounty programs for
  5. 5. History Started with Duplicates...
  6. 6. Digging into deep
  7. 7. Realization ● It's enough ● I'm wasting everyday 2hrs ● Luck is the best kick ● Started as noob and got some experience with app security ● Increased friends network
  8. 8. Then what's next ???
  9. 9. CVE-2014-4329 CVE-2014-4722 CVE-2014-4853
  10. 10. After some days... ● I am not the only person thinking this, Found something similar
  11. 11. What is Code Vigilnat ● A community collaboration effort to make opensource software’s secure. ● Finding bugs and responsibly disclosing them to respective author and preferable getting software updated. ● Responsible disclosure on website after sufficient interval.
  12. 12. About Code Vigilant Anant Shrivastava Prajal Kulkarni Chaitu Madhu Akula
  13. 13. Target A EcoSystem ● We Picked WordPress Ecosystem which meant – WordPress Plugins (current focus) – WordPress Themes (current Focus) – WordPress Core (future check) ● Pick an ecosystem which you think is near and dear to you and the language which you can easily understand.
  14. 14. Why ● 60 million websites world wide ● Current stable release 4.0
  15. 15. Why Wordpress ?
  16. 16. Let's Find Zero Days
  17. 17. Feedback
  18. 18. Let's Automate
  19. 19. Result More than 50 CVE's in 1 Week
  20. 20. Expectation We are seeking for more volunteers to come forward and help us make opensource softwares a more secure plateform.
  21. 21. For 'U' ● Appeal to use codevigilant plateform ● You find flaws – Either join our team and do continuous contribution • You get an author’s page at codevigilant • If you get any bounty for the bug you keep it. – Send Details as one off cases of finding ● We will do co-ordination with third party ● We will try to get it patched or remove it from internet if not patched. ● We will publish advisory on website with yours and co-ordinator’s name in advisory.
  22. 22. For 'U' ● If you want a open source product tested contact us and we will see what we can do about it. ● If you want quick test’s you can think about donating to the project.
  23. 23. Code Vigilant ● http://www.codevigilant.com ● https://github.com/Codevigilant ● https://facebook.com/Codevigilant ● https://twitter.com/Codevigilant
  24. 24. Thanks

×