Abstract

• How to kickstart with Bug Bounty?
• How you should approach the target?
• How to keep yourself updated about different methodologies?
• How to keep a balance between your professional job and bug bounty?
• What all techniques and tools are in use?
• How to do Bug Bounty the ethical way?
• How to be consistent in bug bounty and not lose hope?
• How to draft and write POCs?
• How to communicate with companies?

If you're new to Bug Bounty or already into it, these were some of the questions that might have come to your mind at some point in time. If you're looking for answers to these and need to know how to be successful in Bug Bounty, then this talk is meant for you. This talk will walk you through the process for Bug Bounty and will also showcase the some of the critical bugs I found in NASA, LinkedIn, Paytm, BookMyShow and some more top companies.

Speaker

Avinash Jain

I am a cybersecurity researcher and an ethical hacker working as a full time security engineer in an Indian E-commerce company, Grofers. I'm also a part time bug bounty hunter - acknowledged by various MNCs like Google, Yahoo, NASA, LinkedIn, Indian Railways and some top companies of India more than 100+. I am also an active blogger on Medium where I write about interesting vulnerabilities that I find on my bug bounty journeys. Various articles and interviews have been published in various security magazines, newspapers and newsletters like Economic Times, HuffingtonPost, Hakin9, Hackerone etc. I am also a cybersecurity speaker, invited by various e-commerce companies and security conferences. Recently I was over some news media for my hack in NASA and Indian Railways IRCTC.

Building DevSecOps, Managing application security, performing penetration testing, hardening network and infrastructure, and automating security tasks and fan of Ansible and Vault , are some of the things I take care of on a daily basis

Timing

Starts at Saturday October 13 2018, 12:15 PM. The sessions runs for about 1 hour.

Resources