Presentation Material

Abstract

Bug Bounty programs have conventionally become one of the most trusted strategies for ensuring thorough application testing to find out the vulnerabilities in an application that the regular, periodic pentesting might have missed.

This, however, can be massively painful for the organization which will be flooded with different ‘attack’ traffic hitting them from all over the world, if the blue team is not aptly prepared.

For an organization opting for a bug bounty program, it is imperative that it proactively looks for and mitigates the operational as well as performance risks arising from it so that the defense rules can be noiseless and focus on finding real adversarial traffic; at the same time, ensuring a good experience for the researchers of the bounty program.