Abstract
The Best way to improve the security of your systems is to hire hackers. Unfortunately, companies can’t hire all best hackers, so the companies has chosen another best way to improve their system security, “Bug Bounty Program”
Google, Facebook, Mozilla, PayPal, Etsy and many other companies pay a good amount to hackers for responsible disclosure and recently it is being started as a service in the form of “bugcrowd” Security Researchers have submitted bugs ranging from configuration issues to SQL injections.
This topic is not about what is a “Bug Bounty” program, who all is paying what amount and the scope of testing. This paper is basically focused on the approach to finding simple and yet devastating vulnerabilities, earn hefty amounts and share space with the top researchers from around the globe.