Introduction
Starting on October 11th, @_dc151 began running a social event with lightning talks related to hacking. For the second event, held on November 8th, I was asked to talk about my experience with bug bounties. Since it is a wide and interesting topic, I decided to start from the beginning and address some questions a beginner would have:
- What is a bug bounty?
- What is the difference between a bug bounty and a penetration test from the hacker and the customer's perspective?
- What kinds of bug bounty programs exist? Which one is better to start with?
- What are bug bounty platforms?
- A list of bug bounty platforms (HackerOne, Bugcrowd, Synack, Zerocopter, Cobalt, Dvuln & Intigriti)
- A description of the above-mentioned bounty platforms (pros & cons)
- When to start working on bug bounties?
- How to start? How to select a program?