The Bug bounty scene: how to start with bug bounties

The Bug bounty scene: how to start with bug bounties. First slide
  • Nicodemo Gawronski
  • 9 Nov 2017

Introduction

Starting on the 11th of October, @_dc151 started running a social event with lightning talks related to hacking. For the second event, held on the 8th of November, I was asked to talk about my experience with bug bounties. Since it is a wide and interesting topic, I decided to start from the beginning and address some questions a beginner would have regarding the topic:

  • What is a bug bounty?
  • What is the difference between a bug bounty and a penetration test from the hacker and the customer's perspective?
  • What kinds of bug bounty programs exist? Which one is better to start with?
  • What are bug bounty platforms?
  • A list of bug bounty platforms (Hackerone, Bugcrowd, Synack, Zerocopter, Cobalt, Dvuln & Intigriti)
  • A description of the above-mentioned bounty platforms (pros & cons)
  • When to start working on bug bounties?
  • How to start? How to select a program?

Nicodemo @nijagaw Gawronski at DC151 in Leeds, November 2017

Presentation Slides

Find here the slides of the talk "The bug bounty scene (and how to start)"

Nicodemo Gawronski

My name is Nicodemo @nijagaw Gawronski. I am the founder of Code Grazer. Penetration tester during the day, bug hunter at night on bug bounty platforms such as Bugcrowd, Hackerone, Cobalt, Dvuln and Zerocopter. My experience in the field varies, covering web application and mobile application testing, internal network penetration testing (including Wi-Fi security assessment, firewall review and build review), IoT and hardware hacking, social engineering, phishing campaigns and, last but not least, programming.