﻿1
00:00:00,740 --> 00:00:01,070
All right.

2
00:00:01,070 --> 00:00:09,170
So basically, Bug Bounty is a general name of the programs that companies open to find security vulnerabilities

3
00:00:09,170 --> 00:00:11,390
in their software or websites.

4
00:00:11,940 --> 00:00:18,630
So by announcing the bug bounty program to the public, companies allow security testing of their software

5
00:00:18,630 --> 00:00:24,750
and usually reward the reporting person for reporting these vulnerabilities.

6
00:00:25,290 --> 00:00:31,440
So thanks to bug bounty, companies fix vulnerabilities in their software and prevent these vulnerabilities

7
00:00:31,440 --> 00:00:34,140
from hopefully being exploited.

8
00:00:34,760 --> 00:00:37,910
But the benefit for hackers is actually quite high.

9
00:00:38,740 --> 00:00:45,160
Some possible rewards, depending on the program and company, are of course money, certificates, recognition,

10
00:00:45,670 --> 00:00:48,350
name and the Hall of Fame pages.

11
00:00:48,370 --> 00:00:57,670
That's a nice option for your CV, or some really swank swag packages, like T-shirts and pens and mugs

12
00:00:57,670 --> 00:01:02,110
and bags, because you really don't have enough of them.

13
00:01:02,640 --> 00:01:06,630
But of course, that all depends upon the generosity, the creativity of the company.

14
00:01:06,990 --> 00:01:11,190
Sometimes you might even get an apprentice program or a job.

15
00:01:12,350 --> 00:01:13,790
But you never can tell.

16
00:01:14,400 --> 00:01:15,780
But I'll tell you this.

17
00:01:16,080 --> 00:01:22,020
Every bug bounty hunter has a distinctive technique for searching vulnerabilities, and it typically

18
00:01:22,020 --> 00:01:24,510
varies from individual to individual.

19
00:01:25,280 --> 00:01:28,190
And it does take some time for a researcher.

20
00:01:28,340 --> 00:01:35,960
And I put that in quotes, a researcher, to improve their personal technique, and plenty of experimentation

21
00:01:35,960 --> 00:01:36,920
as well.

22
00:01:37,670 --> 00:01:41,000
Now there is a methodology of bug bounty hunting.

23
00:01:41,330 --> 00:01:48,500
So you've got to generally observe a batch of objectives that goes a little something like this.

24
00:01:49,640 --> 00:01:51,860
Analyzing the scope of the program.

25
00:01:52,920 --> 00:01:54,360
And I'll tell you this for nothing.

26
00:01:54,360 --> 00:01:57,870
The scope is the most important aspect of a bug bounty program.

27
00:01:57,900 --> 00:01:58,620
Why?

28
00:01:58,830 --> 00:02:04,310
Because it tells you which assets to test, and you don't want to spend time testing out-of-scope domains.

29
00:02:04,320 --> 00:02:08,070
Believe me, not that I speak from experience or anything.

30
00:02:09,690 --> 00:02:12,450
Also, you've got to be looking for valid targets.

31
00:02:12,960 --> 00:02:19,320
So valid targets are the targets that help you quickly test for vulnerabilities in the scope and reduce

32
00:02:19,320 --> 00:02:20,880
wasting any more time.

33
00:02:21,940 --> 00:02:23,200
Reconnaissance.

34
00:02:23,470 --> 00:02:30,410
So this step is obviously a very important step, and exploring an area to get confidential information.

35
00:02:30,430 --> 00:02:33,850
Now, it also plays a key role in penetration testing.

36
00:02:34,970 --> 00:02:37,010
Reviewing all applications.

37
00:02:37,250 --> 00:02:43,460
Now, at this stage, this is where you review all the applications and select the ones based on your

38
00:02:43,460 --> 00:02:44,330
skill set.

39
00:02:46,660 --> 00:02:49,810
Fuzzing for errors to expose flaws.

40
00:02:50,050 --> 00:02:51,790
You remember what fuzzing is, right?

41
00:02:52,640 --> 00:02:56,090
It's basically defined as iteration.

42
00:02:56,720 --> 00:03:03,770
But you and I know it: the fastest way to hack an application is to test all of its input parameters.

43
00:03:05,020 --> 00:03:05,890
And then

44
00:03:06,640 --> 00:03:08,740
comes exploiting vulnerabilities.

45
00:03:09,390 --> 00:03:16,110
So in conventional penetration tests, vulnerability exploitation is not that important.

46
00:03:16,200 --> 00:03:23,940
But in bug bounty hunting, the stronger the proof of concept, the better and bigger the reward.

47
00:03:24,830 --> 00:03:27,860
Of course, that depends on the generosity of the company.

48
00:03:29,980 --> 00:03:35,890
So to become a bug hunter, well, the crucial aspect is to learn about web application technologies

49
00:03:35,890 --> 00:03:38,260
and mobile application technologies alike.

50
00:03:38,380 --> 00:03:42,700
So these are the things that are going to kick-start your career as a bug bounty hunter.

51
00:03:43,620 --> 00:03:48,530
Now, apart from knowing about some technologies, you also should be aware of the vulnerabilities that

52
00:03:48,530 --> 00:03:56,300
are commonly used, like injection, broken authentication, cross-site scripting, broken access

53
00:03:56,300 --> 00:04:00,050
control, security misconfiguration and the like.

54
00:04:02,790 --> 00:04:05,150
Now, bug bounty platforms.

55
00:04:05,160 --> 00:04:10,530
These are software programs that are used to distribute bug bounty programs.

56
00:04:11,140 --> 00:04:18,700
So a bug bounty application is a deal or a prize presented for non-public people who control to find

57
00:04:18,700 --> 00:04:21,400
bugs and vulnerabilities in web applications correctly,

58
00:04:21,400 --> 00:04:24,610
crowdsourcing flaw and vulnerability management.

59
00:04:24,850 --> 00:04:31,540
Most organizations use bug bounty platforms to complement their in-residence QA and bug-locating efforts.

60
00:04:32,450 --> 00:04:39,100
But what I want to show you here is pretty much the top bug bounty platforms, right?

61
00:04:39,110 --> 00:04:45,200
So by becoming a member of these platforms, you can test your skills and maybe win lots of prizes.

62
00:04:46,560 --> 00:04:46,980
Anyway.

63
00:04:46,980 --> 00:04:51,180
What's the difference between penetration testing and bug bounty hunting?

64
00:04:52,770 --> 00:04:54,900
Well, remember the criteria, right?

65
00:04:55,560 --> 00:04:56,610
The scope.

66
00:04:57,060 --> 00:05:02,220
So pen tests are conducted to meet the exacting needs of a specific client.

67
00:05:02,820 --> 00:05:08,850
Indeed, there are many types of assessments, ranging from internal and external network testing to web

68
00:05:08,850 --> 00:05:11,640
application testing, wireless testing, and many more.

69
00:05:12,710 --> 00:05:19,760
Bug bounty programs are focused only on testing websites and web applications that are publicly accessible.

70
00:05:19,880 --> 00:05:26,540
So for this reason, bounty programs can't detect vulnerabilities inside of a network or before websites

71
00:05:26,540 --> 00:05:28,130
and applications go live.

72
00:05:28,280 --> 00:05:29,630
Makes sense, right?

73
00:05:31,140 --> 00:05:32,100
Duration.

74
00:05:32,640 --> 00:05:37,860
So a pen test must be completed within a time specified by the customer.

75
00:05:38,550 --> 00:05:44,730
On the other hand, bug bounty programs are not conducted in line with specific deadlines, and for that

76
00:05:44,730 --> 00:05:48,930
very reason are best used in continuous testing.

77
00:05:49,410 --> 00:05:54,420
So it makes them ideal for large technology businesses that are constantly releasing new products and

78
00:05:54,420 --> 00:05:55,170
updates.

79
00:05:55,680 --> 00:05:56,850
What about the cost?

80
00:05:57,030 --> 00:06:02,370
Yeah, the cost of a penetration test is typically based on the number of days required for hackers

81
00:06:02,370 --> 00:06:04,890
to achieve the agreed objective of the test.

82
00:06:05,660 --> 00:06:12,230
And on the other hand, most bug bounty platforms allow organizations to set the price they are prepared

83
00:06:12,230 --> 00:06:13,730
or willing to pay.

84
00:06:14,620 --> 00:06:19,270
Now, while this may seem appealing, setting bounties too low might well deter testers.

85
00:06:19,570 --> 00:06:22,240
But again, you've got to judge that for yourself.

86
00:06:24,230 --> 00:06:32,990
Now, a bug bounty is not a ransom paid to hackers who discover a vulnerability, exploit it, and then

87
00:06:32,990 --> 00:06:35,750
try to sell that data to an organization.

88
00:06:36,170 --> 00:06:36,710
All right.

89
00:06:36,710 --> 00:06:37,880
Let me be clear.

90
00:06:37,880 --> 00:06:40,190
This is not a ransom.

91
00:06:41,050 --> 00:06:47,410
A bug bounty program is described with the aid of using a clear scope, hints, and controlled with the

92
00:06:47,410 --> 00:06:49,990
aid of using a verified process.

93
00:06:50,980 --> 00:06:57,880
Bug bounties are set up to attach corporations of people that want to help each other, whether or not

94
00:06:57,880 --> 00:06:58,870
they prefer it.

95
00:06:59,080 --> 00:06:59,560
Right.

96
00:06:59,560 --> 00:07:00,790
So firms

97
00:07:01,810 --> 00:07:07,900
specifically state the goal system or products which might be in the scope of this program.

98
00:07:08,380 --> 00:07:12,790
They also can specify targets and structures which might be out of scope.

99
00:07:14,280 --> 00:07:17,760
They additionally give an explanation for the rules of the program.

100
00:07:18,260 --> 00:07:21,150
Then, as time passes, is coverage of information.

101
00:07:21,150 --> 00:07:22,950
Program rules may change.

102
00:07:23,460 --> 00:07:28,560
It is necessary, though, to follow these changes through the notification channels of the bug bounty

103
00:07:28,560 --> 00:07:29,330
program.

104
00:07:29,340 --> 00:07:32,130
That's why bug bounty programs are essential.

105
00:07:33,060 --> 00:07:38,880
Let's say, for example, you've detected a vulnerability in an out-of-scope system or website of the

106
00:07:38,880 --> 00:07:40,440
company that owns a program.

107
00:07:40,800 --> 00:07:44,400
Well, you're not going to receive any reward when you report it.

108
00:07:45,240 --> 00:07:46,920
You might be doing them a favor.

109
00:07:47,520 --> 00:07:56,760
But when you follow the notifications, the system or website that you found may actually be included

110
00:07:56,760 --> 00:07:57,570
in the scope.

111
00:07:57,570 --> 00:08:04,680
And then, if you are the first to forward that vulnerability that you find, then you may indeed be rewarded.

112
00:08:04,830 --> 00:08:06,030
Now, by the way.

113
00:08:06,760 --> 00:08:16,060
It is necessary to mention rewards if two different people detect the same vulnerability or vulnerabilities

114
00:08:16,060 --> 00:08:18,280
or even an exploitation.

115
00:08:18,370 --> 00:08:21,820
The very first to submit gets the prize.

116
00:08:23,260 --> 00:08:27,100
The second sender is not usually even acknowledged, let alone rewarded.

117
00:08:27,100 --> 00:08:32,080
But sometimes small rewards are sent for motivational purposes.

118
00:08:32,350 --> 00:08:35,440
So in that respect, what I'm telling you is true.

119
00:08:35,560 --> 00:08:38,710
It's very important to follow the notifications.

