Methodology for Cybersecurity Bug Bounty Programs - [BugCrowd]

in #science7 years ago

The team at BugCrowd, a platform for bug bounty programs, has posted a series to help people interested in getting into the field. I would have to say, bug bounty is pretty lucrative when it comes to cybersecurity.

For example, if you find simple bugs in web applications you could be rewarded in the hundreds to thousands of dollars (depending on the type of vulnerability you found). You can even reach tens of thousands if you get RCEs (remote code execution).

The big $$$ are however when you find critical flaws and bugs in operating systems (someone said Microsoft?). If you're able to directly report the bug (to the OS providers), you could get hundreds of thousands and (yes) millions of dollars for kernel vulnerabilities).

Okay, but like anything else that pays big, it's actually quite complex and difficult to be good at this. It's not impossible, but it's difficult and it requires tremendous effort in code auditing, testing, pentesting, and all the related assessments.

Plus, if you're talking about system vulnerabilities you might need to be literate in more than one domains of security (including programming). No matter how hard it is or it may get, to me this is extremely attractive and engaging.

And what's even better is that today we have platforms like BugCrowd for bug bounties that create a legal and safe bridge for security researchers and pentesters to do their work. The video below is an example methodology that Jason Haddix suggests.



To stay in touch with me, follow @cristi


Cristi Vlad Self-Experimenter and Author

Sort:  

Cyber security has to be improved so has to reduce the risk of hackers and crackers

Good post, Cristi. Most people really don't understand how important these bug bounty programs are.

Congratulations @cristi! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of posts published

Click on the badge to view your Board of Honor.
If you no longer want to receive notifications, reply to this comment with the word STOP

To support your work, I also upvoted your post!

Do not miss the last post from @steemitboard!


Participate in the SteemitBoard World Cup Contest!
Collect World Cup badges and win free SBD
Support the Gold Sponsors of the contest: @good-karma and @lukestokes


Do you like SteemitBoard's project? Then Vote for its witness and get one more award!

Hi! Maintaining relationships while incarcerated can improve inmates' mental health and reduce recidivism rates. By providing a safe and secure platform for communication, Securus Technologies fosters positive relationships between inmates and their support network. Everyone can read about how to use their services in their help system, and if difficulties arise while using the services, then you can call the securus technologies number and they will provide clear instructions on how to fix it.