Hackers of India

My Experiments with truth: a different route to bug hunting

By  Devesh Bhatt  on 13 Sep 2013 @ Rootcon

Abstract

The Best way to improve the security of your systems is to hire hackers. Unfortunately, companies can’t hire all best hackers, so the companies has chosen another best way to improve their system security, “Bug Bounty Program”

Google, Facebook, Mozilla, PayPal, Etsy and many other companies pay a good amount to hackers for responsible disclosure and recently it is being started as a service in the form of “bugcrowd” Security Researchers have submitted bugs ranging from configuration issues to SQL injections.

This topic is not about what is a “Bug Bounty” program, who all is paying what amount and the scope of testing. This paper is basically focused on the approach to finding simple and yet devastating vulnerabilities, earn hefty amounts and share space with the top researchers from around the globe.