1
00:00:00,770 --> 00:00:01,100
All right.

2
00:00:01,100 --> 00:00:09,170
So basically, Bug Bounty is a general name of the programs that companies open to find security vulnerabilities

3
00:00:09,170 --> 00:00:11,450
in their software or websites.

4
00:00:11,940 --> 00:00:18,660
So by announcing the bug bounty program to the public, companies allow security testing of their software

5
00:00:18,660 --> 00:00:24,840
and usually reward the reporting person for reporting these vulnerabilities.

6
00:00:25,320 --> 00:00:31,440
So thanks to bug bounty, companies fix vulnerabilities in their software and prevent these vulnerabilities

7
00:00:31,440 --> 00:00:34,170
from hopefully being exploited.

8
00:00:34,750 --> 00:00:37,930
But the benefit for hackers is actually quite high.

9
00:00:38,710 --> 00:00:42,200
Some possible rewards depending on the program and company, of course.

10
00:00:42,220 --> 00:00:43,090
Money.

11
00:00:43,090 --> 00:00:43,870
Certificates.

12
00:00:43,870 --> 00:00:45,190
Recognition.

13
00:00:45,580 --> 00:00:48,360
Name in the Hall of Fame pages.

14
00:00:48,370 --> 00:00:57,700
That's a nice option for your CV or some really swank swag packages like T-shirts and pens and mugs

15
00:00:57,700 --> 00:01:02,170
and bags, because you really don't have enough of them.

16
00:01:02,640 --> 00:01:06,690
But of course, that all depends upon the generosity, the creativity of the company.

17
00:01:07,020 --> 00:01:11,250
Sometimes you might even get an apprentice program or a job.

18
00:01:12,430 --> 00:01:13,840
But you never can tell.

19
00:01:14,370 --> 00:01:15,840
But I'll tell you this.

20
00:01:16,020 --> 00:01:22,020
Every bug bounty hunter has a distinctive technique for searching vulnerabilities, and it typically

21
00:01:22,020 --> 00:01:24,600
varies from individual to individual.

22
00:01:25,310 --> 00:01:32,450
And it does take some time for a researcher, and I put that in quotes, a researcher to improve their

23
00:01:32,450 --> 00:01:36,980
personal technique and plenty of experimentation as well.

24
00:01:37,730 --> 00:01:45,440
Now there is a methodology of bug bounty hunting, so you've got to generally observe a batch of objectives

25
00:01:45,440 --> 00:01:48,530
that goes a little something like this.

26
00:01:49,670 --> 00:01:51,920
Analyzing the scope of the program.

27
00:01:52,980 --> 00:01:54,360
And I'll tell you this for nothing.

28
00:01:54,360 --> 00:01:57,920
The scope is the most important aspect of a bug bounty program.

29
00:01:57,930 --> 00:01:58,620
Why?

30
00:01:58,800 --> 00:02:04,320
Because it tells you which assets to test and you don't want to spend time testing out-of-scope domains.

31
00:02:04,320 --> 00:02:08,130
Believe me, not that I speak from experience or anything.

32
00:02:09,660 --> 00:02:12,540
Also, you've got to be looking for valid targets.

33
00:02:12,900 --> 00:02:19,320
So valid targets are the targets that help you quickly test for vulnerabilities in the scope and reduce

34
00:02:19,320 --> 00:02:20,940
wasting any more time.

35
00:02:21,940 --> 00:02:23,290
Reconnaissance.

36
00:02:23,410 --> 00:02:30,430
So this step is obviously a very important step in exploring an area to get confidential information.

37
00:02:30,460 --> 00:02:33,880
Now, it also plays a key role in penetration testing.

38
00:02:34,910 --> 00:02:37,130
Reviewing all applications.

39
00:02:37,220 --> 00:02:43,460
Now, at this stage, this is where you review all the applications and select the ones based on your

40
00:02:43,460 --> 00:02:44,390
skill set.

41
00:02:46,660 --> 00:02:49,920
Fuzzing for errors, to expose flaws.

42
00:02:49,930 --> 00:02:51,820
You remember what fuzzing is, right?

43
00:02:52,670 --> 00:02:56,180
It's basically defined as iteration.

44
00:02:56,660 --> 00:03:03,860
But you and I know it as the fastest way to hack an application is to test all of its input parameters.

45
00:03:05,020 --> 00:03:05,920
And then.

46
00:03:06,670 --> 00:03:08,800
Comes exploiting vulnerabilities.

47
00:03:09,360 --> 00:03:16,120
So in conventional penetration tests, vulnerability exploitation is not that important.

48
00:03:16,140 --> 00:03:24,000
But in bug bounty hunting, the stronger the proof of concept, the better and bigger the reward.

49
00:03:24,850 --> 00:03:27,880
Of course, that depends on the generosity of the company.

50
00:03:29,980 --> 00:03:31,870
So to become a bug hunter.

51
00:03:32,350 --> 00:03:37,630
Well, the crucial aspect is to learn about web application technologies and mobile application technologies

52
00:03:37,630 --> 00:03:38,350
alike.

53
00:03:38,380 --> 00:03:42,730
So these are the things that are going to kick-start your career as a bug bounty hunter.

54
00:03:43,670 --> 00:03:48,770
Now, apart from knowing about some technologies, you also should be aware of the vulnerabilities that are

55
00:03:48,770 --> 00:03:56,300
commonly used, like injection, broken authentication, cross-site scripting or XSS, broken access

56
00:03:56,300 --> 00:04:00,050
control, security misconfiguration and the like.

57
00:04:02,790 --> 00:04:05,160
Now bug bounty platforms.

58
00:04:05,160 --> 00:04:10,560
These are software programs that are used to distribute bug bounty programs.

59
00:04:11,140 --> 00:04:18,730
So a bug bounty application is a deal or a praise presented for non-public people who control to find

60
00:04:18,730 --> 00:04:21,400
bugs and vulnerabilities and web applications correctly.

61
00:04:21,400 --> 00:04:24,640
Crowdsourcing flaw and Vulnerability Management.

62
00:04:24,880 --> 00:04:31,570
Most organizations use bug bounty platforms to complement their in-residence QA and bug locating efforts.

63
00:04:32,450 --> 00:04:39,110
But here, what I want to show you is pretty much the top bug bounty platforms, right?

64
00:04:39,140 --> 00:04:45,260
So by becoming a member of these platforms, you can test your skills and maybe win lots of prizes.

65
00:04:46,590 --> 00:04:46,980
Anyway.

66
00:04:46,980 --> 00:04:51,210
What's the difference between penetration testing and bug bounty hunting?

67
00:04:52,740 --> 00:04:54,930
Well, remember the criteria, right?

68
00:04:55,440 --> 00:04:56,670
The scope.

69
00:04:57,030 --> 00:05:02,310
So pen tests are conducted to meet the exacting needs of a specific client.

70
00:05:02,820 --> 00:05:08,850
Indeed, there are many types of assessments ranging from internal and external network testing to web

71
00:05:08,850 --> 00:05:11,700
application testing, wireless testing, and many more.

72
00:05:12,680 --> 00:05:19,860
Bug bounty programs are focused only on testing websites and web applications that are publicly accessible.

73
00:05:19,880 --> 00:05:26,540
So for this reason, bounty programs can't detect vulnerabilities inside of a network or before websites

74
00:05:26,540 --> 00:05:28,190
and applications go live.

75
00:05:28,220 --> 00:05:29,630
Makes sense, right?

76
00:05:31,110 --> 00:05:32,220
Duration.

77
00:05:32,580 --> 00:05:37,920
So pen tests must be completed within a time specified by the customer.

78
00:05:38,580 --> 00:05:44,730
On the other hand, bug bounty programs are not conducted in line with specific deadlines and for that

79
00:05:44,730 --> 00:05:49,020
very reason, are best used in continuous testing.

80
00:05:49,380 --> 00:05:54,450
So it makes them ideal for large technology businesses that are constantly releasing new products and

81
00:05:54,450 --> 00:05:55,260
updates.

82
00:05:55,710 --> 00:05:56,910
What about the cost?

83
00:05:56,940 --> 00:06:02,370
Yeah, the cost of a penetration test is typically based on the number of days required for hackers

84
00:06:02,370 --> 00:06:04,920
to achieve the agreed objective of the test.

85
00:06:05,690 --> 00:06:12,230
And on the other hand, most bug bounty platforms allow organizations to set the price they are prepared

86
00:06:12,230 --> 00:06:13,760
or willing to pay.

87
00:06:14,590 --> 00:06:19,360
Now, while this may seem appealing, setting bounties too low might well deter testers.

88
00:06:19,480 --> 00:06:22,300
But again, you've got to judge that for yourself.

89
00:06:24,260 --> 00:06:33,020
Now a bug bounty is not a ransom paid to hackers who discover a vulnerability, exploit it, and then

90
00:06:33,020 --> 00:06:35,840
try to sell that data to an organization.

91
00:06:36,170 --> 00:06:36,680
All right.

92
00:06:36,680 --> 00:06:37,880
Let me be clear.

93
00:06:37,880 --> 00:06:40,220
This is not a ransom.

94
00:06:41,020 --> 00:06:47,410
A bug bounty program is described with the aid of using a clear scope hints and controlled with the

95
00:06:47,410 --> 00:06:50,050
aid of using a verified process.

96
00:06:50,950 --> 00:06:57,880
Bug bounties are set up to attach corporations of people that want to help each other, whether or not

97
00:06:57,880 --> 00:06:58,810
they prefer it.

98
00:06:58,990 --> 00:06:59,560
Right.

99
00:06:59,560 --> 00:07:00,820
So firms.

100
00:07:01,840 --> 00:07:07,960
Specifically state the goal system or products which might be in the scope of this program.

101
00:07:08,380 --> 00:07:12,910
They also can specify targets and structures which might be out of scope.

102
00:07:14,250 --> 00:07:17,850
They additionally give an explanation for the rules of the program.

103
00:07:18,180 --> 00:07:22,980
Then as time passes is coverage of information program rules may change.

104
00:07:23,430 --> 00:07:28,560
It is necessary, though, to follow these changes through the notification channels of the bug bounty

105
00:07:28,560 --> 00:07:29,340
program.

106
00:07:29,340 --> 00:07:32,190
That's why bug bounty programs are essential.

107
00:07:33,090 --> 00:07:38,910
Let's say, for example, you've detected a vulnerability in an out-of-scope system or website of the

108
00:07:38,910 --> 00:07:40,500
company that owns a program.

109
00:07:40,830 --> 00:07:44,460
Well, you're not going to receive any reward when you report it.

110
00:07:45,210 --> 00:07:47,040
You might be doing them a favor.

111
00:07:47,460 --> 00:07:56,790
But when you follow the notifications, the system or website that you found may actually be included

112
00:07:56,790 --> 00:07:57,630
in the scope.

113
00:07:57,630 --> 00:08:04,740
And then if you are the first two for that vulnerability that you find, then you may indeed be rewarded.

114
00:08:04,770 --> 00:08:06,060
Now, by the way.

115
00:08:06,790 --> 00:08:09,790
It is necessary to mention rewards.

116
00:08:09,970 --> 00:08:18,880
If two different people detect the same vulnerability or vulnerabilities or even an exploitation, the

117
00:08:18,880 --> 00:08:21,910
very first to submit gets the prize.

118
00:08:22,930 --> 00:08:23,190
Okay.

119
00:08:23,260 --> 00:08:27,100
The second sender is not usually even acknowledged, let alone rewarded.

120
00:08:27,100 --> 00:08:32,140
But sometimes small rewards are sent for motivational purposes.

121
00:08:32,290 --> 00:08:35,470
So in that respect, what I'm telling you is true.

122
00:08:35,560 --> 00:08:38,710
It's very important to follow the notifications.