HARI KRISHNAN. R
Security Researcher and new to ppt :P
Find bug and get fame and cash
Paying rewards to independent security researchers for finding vulnerabilities in their products.
And what do we get?
Money and Fame.
And what does the company get?
They get their application secured, and it is very cost-effective for them, as they pay the independent researchers a minimal amount.
About Bug Bounty
What do you need to start hunting for bounties?
Know about the target: their products, acquired companies (which you can find by searching Google), subdomains, etc.
Have a good understanding of the application you are testing.
Know which companies run a bug bounty program and some of
What kind of bugs are in scope?
XSRF / CSRF
SQL injection or equivalent
Remote code execution
Authentication bypass or information leak
Rewards for qualifying bugs can range from $100 to $20,000 or more.
So far, Google has paid $828,000 to more than 250 individuals.
Mozilla has paid $570,000+
Reference: Slides from Adam Mein at SANS AppSec 2011