
Bug Bounty Secrets

4,905 views

Published on: Trivandrum Chapter - July 2013 Meet

Published in: Education, Technology, Business


  1. Bug Bounty Secrets
  2. HARI KRISHNAN. R, Security Researcher and new to ppt :P
  3. Basic steps: Select the target; Gather information; Find a bug and report it; And get fame and cash.
  4. About Bug Bounty: Paying rewards to independent security researchers for finding vulnerabilities in their products. Major players: Google, Mozilla, Facebook, PayPal. And what do we get? Money and fame. And what does the company get? They get their application secured, and it is very cost effective for them, as they pay the independent researchers a minimal amount.
  5. What all do you need to start hunting for bounty? Know about the target, their products, acquired companies (which you can find by searching in Google), sub-domains, etc. Have a good understanding of the application which you are testing. Know which companies have a bug bounty program; some of them are: AT&T, Barracuda, Chromium Project, Etsy, Facebook, Gallery, Google, Hex-Rays, Kaneva, LaunchKey, ManageWP, Mozilla, PayPal, Samsung, Yandex.
  6. What kind of bugs are in scope? XSS; XSRF / CSRF; SQL injection or equivalent; Remote code execution; Authentication bypass or information leak. Rewards for qualifying bugs can range from $100 to $20,000 or more. So far, Google has paid $828,000 to more than 250 individuals. Mozilla has paid $570,000+.
  7. Reference: Slides from Adam Mein at SANS AppSec 2011
  8. Reference: Slides from Adam Mein at SANS AppSec 2011
  9. Example 1: DOM-based XSS in Google Partners
  10. Example 2: XSS vulnerabilities in Google's Gmail mobile view by Nils Juenemann
  11. Conclusion: Report the bugs to the company rather than selling them on the black market ;)
