Introduction to Bug Bounties
How to find bugs hands-on
How to use popular bug bounty programs
Case evaluation: Facebook page takeover bug
Conclusions and surprises
2. SESSION OUTLINE
Introduction to Bug Bounties 2:05-2:15
How to find bugs hands-on 2:15-2:35
How to use popular bug bounty programs 2:35-2:45
Case evaluation: Facebook page takeover bug 2:45-2:55
Conclusions and surprises 2:55 onwards
4. BUG BOUNTY
A bug bounty program is a deal offered by many websites and software
developers by which individuals can receive recognition and compensation
for reporting bugs, especially those pertaining to exploits and
vulnerabilities.
These programs allow the developers to discover and resolve bugs before
the general public is aware of them, preventing incidents of widespread
abuse.
Bug bounty programs have been implemented by Facebook, Yahoo!, Google, Reddit,
Square and Microsoft.
5. REWARDS
Hall of fame(s)
$$$
Study grants and scholarships for research
Recognition
6. FAQS & MISCONCEPTIONS
I do not have any of those fancy security research tools
I do not have excellent coding knowledge
How do I begin and where do I begin?
7. WHAT YOU NEED
Be able to read and understand code
Keep an eye out for different attack possibilities
Keep updated with the latest attacks and see their POCs (Proof of Concept)
Differentiate between bugs and false positives
(https://www.facebook.com/notes/facebook-bug-bounty/commonly-submitted-false-positives/744066222274273)
Don’t give up!
8. FLOW
Know about bugs! Refer to the OWASP Top 10
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Use a testing guide!
OWASP Testing Project (https://www.owasp.org/images/1/19/OTGv4.pdf)
Follow researchers and their updates!
11. HANDS ON
Search for "Google dorks" to find candidate websites. Sample search string:
inurl:admin_login.php site:.pk
SQL injection string to enter in the username and password fields: ' or 1=1--
Only run such tests against targets that are in scope of a program that authorizes
testing; a dork result is not an invitation. A lone single quote (') that produces a
database error is usually the first sign that a field is injectable.
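The login bypass above, as an added example (this is not code from the original slides). It builds a throwaway SQLite table with constructed sample users, shows the deliberately vulnerable query that the `' or 1=1--` payload defeats, the single-quote probe a tester sends first, and the parameterised version that stops both. The table, user names and function names are all assumptions made for the example.

```python
import sqlite3

# Constructed sample data (not from the original slides): a tiny users table.
SAMPLE_USERS = [("admin", "Adm1n-pass"), ("alice", "hunter2")]

# The payload from the slide, sent in both the username and password fields.
PAYLOAD = "' or 1=1--"


def build_db():
    """Create an in-memory SQLite database holding the sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately vulnerable: user input is pasted into the SQL text.

    With PAYLOAD in both fields the statement becomes
    SELECT username FROM users WHERE username = '' or 1=1--' AND password = '' or 1=1--'
    Everything after the first -- is a comment, and (username = '') or (1=1) is
    always true, so the first row (admin) is returned without a password.
    """
    query = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Hardened: bound parameters, so the input is data and never parsed as SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def quote_causes_error(login, conn):
    """Tester's first probe: a lone single quote. If it breaks the query
    (a database error comes back) the field is almost certainly injectable."""
    try:
        login(conn, "'", "x")
    except sqlite3.OperationalError:
        return True
    return False


def demo():
    """Run the probe and the bypass against both versions of the login."""
    conn = build_db()
    return {
        "probe_vulnerable": quote_causes_error(login_vulnerable, conn),  # True
        "probe_fixed": quote_causes_error(login_fixed, conn),            # False
        "bypass_vulnerable": login_vulnerable(conn, PAYLOAD, PAYLOAD),   # 'admin'
        "bypass_fixed": login_fixed(conn, PAYLOAD, PAYLOAD),             # None
        "valid_login_fixed": login_fixed(conn, "alice", "hunter2"),      # 'alice'
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The probe is what separates a real finding from a false positive: the vulnerable login errors on a bare quote and then lets the payload in as admin, while the parameterised login treats both strings as literal text and returns nothing.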
12. BURP SUITE
Burp Suite: Burp Suite is an integrated platform for performing security testing of
applications. Its various tools work seamlessly together to support the entire
testing process, from initial mapping and analysis of an application's attack
surface, through to finding and exploiting security vulnerabilities. Burp gives you
full control, letting you combine advanced manual techniques with state-of-the-
art automation, to make your work faster, more effective, and more fun.
(It is one of the most awesome tools i have ever come across. there are a lot of
features you can use, just make sure you understand each and every function from
burp suite). I’m sure you know all the functionality will make your task way easier
if it is related to security. But be sure to manually validate your findings as it does
report false positives.
Download: http://portswigger.net/burp/download.html
22. SOME TERMS USED IN CLASS
IDOR: Insecure Direct Object Reference. The application uses a client-supplied
identifier (an id in a URL, form field or JSON body) to fetch an object without
checking that the logged-in user is allowed to access it, so changing the id
exposes other users' data.
https://www.owasp.org/index.php/Top_10_2013-A4-Insecure_Direct_Object_References
Rate Limiting: capping how many requests a client may send to an endpoint in a
given time. Missing or bypassable limits on login, OTP and password-reset
endpoints allow brute forcing.
http://www.websecresearch.com/2014/05/a-way-to-bypass-rate-limiting.html
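An IDOR in miniature, as an added example (not code from the original slides). The invoice store, user names and function names are constructed for the example. It shows the vulnerable lookup that ignores the session user, the fixed lookup with an ownership check, and the tester's check: walking neighbouring ids as one user, which is what you do by hand when you edit the id in Tamper Data or Burp Repeater.

```python
# Constructed sample store (not from the original slides): invoice id -> record.
INVOICES = {
    1001: {"owner": "alice", "total": 120.00},
    1002: {"owner": "bob", "total": 80.50},
    1003: {"owner": "alice", "total": 15.25},
}


def get_invoice_vulnerable(session_user, invoice_id):
    """IDOR: the id from the request is used directly; who is logged in is ignored."""
    return INVOICES.get(invoice_id)


def get_invoice_fixed(session_user, invoice_id):
    """Ownership check: look the object up, then verify it belongs to the caller.

    A missing object and someone else's object get the same answer (None), so the
    response does not tell an attacker which ids exist.
    """
    record = INVOICES.get(invoice_id)
    if record is None or record["owner"] != session_user:
        return None
    return record


def find_idor(handler, session_user, id_range):
    """Tester's check: request a range of ids as one user and collect every id
    that came back holding another user's data."""
    leaked = []
    for invoice_id in id_range:
        record = handler(session_user, invoice_id)
        if record is not None and record["owner"] != session_user:
            leaked.append(invoice_id)
    return leaked


if __name__ == "__main__":
    # Logged in as bob, try ids 1000..1009 against both handlers.
    print("vulnerable leaks:", find_idor(get_invoice_vulnerable, "bob", range(1000, 1010)))
    print("fixed leaks:     ", find_idor(get_invoice_fixed, "bob", range(1000, 1010)))
```

Sequential numeric ids make the enumeration trivial, but switching to random ids is not a fix on its own; the ownership check in `get_invoice_fixed` is what closes the bug, and a report should show the foreign record returned for a concrete id pair rather than just a changed URL.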
24. RESOURCES
Several of these are legacy Firefox add-ons that no longer run on current Firefox releases;
Burp's proxy and the browser's built-in developer tools cover the same functions.
Tamper Data: Tamper Data is a Firefox extension which gives you the power to view, record and
even modify outgoing HTTP requests. If you are not familiar with it, take a look at it once; it is
very helpful for identifying CSRF issues as well as finding IDORs.
Download: https://addons.mozilla.org/en-US/firefox/addon/tamper-data/
Live HTTP Headers: To be frank, I rarely use this extension, as it has exactly the same function as
Tamper Data; the only difference is that you can capture and replay within the same session.
Download: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers/
User Agent Switcher: It gives you the ability to change your user agent. I mainly use it to find the
mobile version of a site, and you may use it whenever you want to see the mobile version of any
website. Developers mostly host the mobile version on m.xyzdomain.com, but sometimes the website
loads the mobile version after detecting the user agent. With this extension you can set a mobile
user agent and view the mobile version of the site.
Download: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
Hackbar: It helps with SQL injection as well as XSS testing, and it can encode and decode strings
and do ASCII conversions. This extension will help you exploit SQL injection and XSS holes. If you
know what you're doing, it will help you do it faster. If you want to learn SQL exploitation, you
can also use this extension, but you will probably also need a book, a lot of Google and a brain :)
Download: https://addons.mozilla.org/en-US/firefox/addon/hackbar/