Abstract

The Game of Bug Bounty Hunting - Money, Drama, Action and Fame

List of Topics to be covered:

1. History of Bug bounties
2. Difference between Penetration Test and Bug Bounties
3. What is the X-factor? How to get it?
4. How does a pentester turn into a bug bounty hunter?
- Platforms, ways to participate
5. Bug Hunter Methodology
- The tricks and tips
- Practicals of approaching a target
- Making the best possible use of the scope
- Where to look and what to look for
- XSS, CSRF, SQLi, IDOR, ...
- How important is the report?
- Best tools to use
6. Let's do it right now....
7. Legal issues and being safe
8. Best of the submissions - Hackerone
9. Hackers to follow, blogs to read
10. How to Learn and improvise

Prerequisites:

  1. Basics of web/mobile application security
  2. Ability to ask questions and laugh at jokes
  3. Laptop

Speaker

Abhinav Mishra

With unconditional love for security, be it applications or network, I have been hacking for 6+ years. Professionally, I have worked with multiple organisations to strengthen their web/infra security. A member of the Synack Red Team, and one of the Top 5 mobile security researchers on the SRT leaderboard. Personally, a movie buff, Hollywood movie lover, Indian and folk music fan, traveler, trainer, speaker, part-time bug bounty hunter.

Timing

Starts on Sunday, August 28, 2016, at 11:00 AM. The session runs for about 4 hours.

Resources