
Sunday 22 April 2018

What is Bug Bounty?

When you design an application, you mostly work on the business logic, on how the data model will be laid out, on how the user interface will be laid out, and on a ton of things like that. But while working on these things, some bugs or security issues are sometimes left behind, not intentionally but by accident, because these are huge applications and nobody can really account for every security issue. That is why some bugs remain.

Now, in today's scenario, some people call themselves bug bounty hunters, penetration testers or security researchers: they analyze a website, report what they find, and sometimes expect that somebody is going to pay for their work.



Should we expect money all the time?


No, strictly no. You should not expect money unless you are enrolled in one of the paid programmes out there.

When you work independently as a penetration tester or security researcher and report a bug, don't expect the third party to reply politely. Not everybody is Twitter, Google, Facebook or some other giant website; some websites are small, and some don't even have a bug bounty programme. They will take your report, fix the issue and say thank you!!!!! You are simply telling somebody that their site is insecure and that you want it to be secured.

Whenever you report bugs to Twitter, Google or Facebook, they do have a bug bounty programme, and based on the severity of your bug they will reward you: sometimes a T-shirt, sometimes a pen drive, and sometimes a good amount like $500 or more, depending on the severity of your bug.


But not all websites will reply in the same manner. Let us say a website is newly founded, has some funding and is presenting its product. If you report some bugs, it totally depends on them: they can take it as a good thing, that yes, you went ahead and reported this bug and they will reward you. Sometimes they don't have these kinds of penetration testing programmes and don't want their applications tested right now. They can take action against you as well; it is totally up to them, and you are nobody to argue about that.

Yes, there are many websites where you can register and where they state that this domain is for testing: go ahead, do whatever you can and report the bugs. But don't share them on Facebook or make a publicity stunt out of them; that is the good practice.

Not all websites have these types of programmes, and if you test one that doesn't, it is a kind of waste of time because you are not going to get anything from it. There are many programmes where you can register, such as HackerEarth, Bug Bounty or Bugcrowd. Once registered, you get a list of programmes from which you can earn rewards: some give money, some give T-shirts, etc. Depending on your skills and the website you choose, you can earn money from them; it is easy.


How to learn Bug hunting


If you want to hunt bugs, first you should be aware of information security, statistics, practice, tactics, etc. You should know about DVWA (Damn Vulnerable Web Application) and WebGoat; these are great programmes to learn from. Now go to the OWASP website, etc., and try to understand how bugs work in web applications. Then, for practice, DVWA and WebGoat are great places to get started. And remember, don't play around with a website you just found; it may be illegal and you could be punished.


Facebook Bug Bounty Programme: https://www.facebook.com/BugBounty
Google Bug Bounty Programme: https://www.google.com/about/appsecurity/reward-program/




