The Boring AppSec Podcast

S1E03 - Bug Bounties



Welcome to the Boring AppSec Podcast! In Episode 3, we discuss all things bug bounties: the researcher side as well as the program owner's side. Enter at your own will, as we have a lot of hot takes.


References:

We will try and add information about all the references we make here. Please enter rabbit holes at will :) 

  1. Bug Bounty Platforms
    • Bugcrowd - https://www.bugcrowd.com/
    • HackerOne - https://www.hackerone.com/
    • Intigriti - https://www.intigriti.com/
    • Synack - https://www.synack.com/
  2. Vulnerability Disclosure Process - https://www.cisa.gov/coordinated-vulnerability-disclosure-process
  3. Google’s Project Zero vulnerability disclosure policy - https://googleprojectzero.blogspot.com/p/vulnerability-disclosure-faq.html
  4. CVSS Calculator - https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
  5. Handling A Bug Bounty program From A Blue Team Perspective - https://www.youtube.com/watch?v=Vgy150R4bRw&t=0s
  6. Consumer Bug Bounty Panel - https://www.youtube.com/watch?v=Y8X6pV7rdbA&t=0s


Contacting Anshuman

  1. LinkedIn: https://www.linkedin.com/in/anshumanbhartiya/
  2. Twitter: https://twitter.com/anshuman_bh
  3. Website: https://anshumanbhartiya.com/
  4. Instagram: https://www.instagram.com/anshuman.bhartiya/
  5. YouTube: https://www.youtube.com/@AnshumanBhartiya

Contacting Sandesh

  1. LinkedIn: https://www.linkedin.com/in/anandsandesh/
  2. Twitter: https://twitter.com/JubbaOnJeans/
  3. Website: https://boringappsec.substack.com/