This is the first post in our new series: “Bug Bounty Hunter Methodology”. Over the coming weeks, we will share information and resources that will help any aspiring security researcher or bug bounty hunter get their start. If you have any feedback, please tweet us at @Bugcrowd.
Topic: Researcher Resources
Throughout October, November and December 2016, we challenged our crowd to submit bugs against some challenging targets–thick client applications. Previously we announced our October and November winners and today we’re excited to announce our two final two winners:
Throughout October, November and December 2016, we’ve challenged our crowd to submit bugs against some challenging targets–thick client applications. Learn more about the competition here.
Yesterday we shared how some of Bugcrowd’s top-ranked bug hunters fit bounties into their schedule and maximize payouts, and today we’re going to dive a bit deeper with one of those researchers. In today’s post, Brett Buerhaus, ranked 16 on Bugcrowd and experienced security researcher, shares his method for approaching new bug bounties and writing bug submissions.
In our recently published report on the bug hunting community, we asked all kinds of bug hunters what motivates them to participate in bug bounties, and how they decide what programs to participate in. Amongst several of the groups identified in the report, time was a huge factor. With a full-time job, family and a social life, how does one fit bug bounty hunting into their busy schedule?
As the bug bounty space has matured, the range of targets to test against has expanded and diversified incredibly. Our programs offer a broad range of targets, from web and mobile, to APIs and IoT devices (even cars)! Over the last several months, Bugcrowd has launched more and more bounty programs that feature thick client applications.
Whether you have skills in testing thick client software, or want to expand your expertise, Bugcrowd has several public programs and numerous private programs available for you to hack on for fun and profit. This quarter we’re running a limited time promotion for all submissions found in thick client applications.