Editor’s Note: Today I’d like to introduce you to Bugcrowd member Anshuman Bhartiya (anshuman_bh). As an information security professional as well as a bug bounty researcher, Anshuman has helped improve the security of many organizations. He has submitted several P1 & P2 bugs, leading to his high standing within the programs he is involved in. As an active member on our Bugcrowd forum, he also contributes to the bug bounty researcher community. This blog is from one of his responses on the forum that he has allowed us to post here. We are thrilled to share his thoughts and experience on how to successfully approach a target. Thanks!
About the Author: Ben Sadeghipour has been participating in bug bounty programs since February of 2014. After his first few bugs, he came to realize that bug bounties are a great way to learn more about web application security as well as make some extra money while going to school as a computer science major. Currently Ben is an intern at Bugcrowd and continues to do bug bounty research. You can see more of his work on nahamsec.com.
Like Employee of the Month but better, I’m excited to tell you about the three Crowd members that earned top spots on the April 2015 Hall of Fame. We have a ton of amazing researchers contributing solid bugs every day, but these three ninjas earned the most Kudos points in Bugcrowd bounty programs from April 1 to April 30, 2015. To thank them for their hard work, Bugcrowd is pleased to announce they’ll receive performance bonuses.
We’re joined by Fredrik “Almroot” Almroth, a Bugcrowd community member and highly skilled security researcher. Fredrik has been active in bug bounties since 2010, when he found his first Google vulnerability. Fredrik and his team at Detectify have found vulnerabilities in many of the top bug bounties in the world, including Google and Facebook. He’s one of the most prolific security researchers in the community, and it was great to get Fredrik to share some of his tips and tricks.