Page 34 - Hands-On Bug Hunting for Penetration Testers

Chapter 2: Choosing Your Hunting Ground

Vulnerability Lab

Vulnerability Lab is a submission-and-disclosure platform that uses a team of in-house
experts to vet high-profile vulnerabilities, but also accepts submissions on less
critical, lower-profile bugs. One of the site's features is receiving reports for
critical vulnerabilities that a researcher might not want to submit directly, with
Vulnerability Lab acting as the point of contact and third-party broker between the
researcher and the affected company.

Like HackerOne, it publicly discloses bug reports after a window of time has elapsed, and
is a useful reference for beginners looking to better understand the form of bug reports and
the methods for discovering and reporting common vulnerabilities. Its public index of
vulnerabilities is also tagged with the type of system each bug was found on, making it a
nice resource when you're trying to get a sense of application-specific problems.


BountyFactory

BountyFactory, which touts itself as the first European bug bounty platform that relies on
European rules and legislation, is run by the larger YesWeH4ck group, an Infosec recruiting
company founded in 2013 that's made up of a bug bounty platform, a job board
(YesWeH4ck Jobs), a coordinated vulnerability-disclosure platform (ZeroDisclo), and an
aggregation of all public bug bounty programs (FireBounty). Like Bugcrowd and
HackerOne, BountyFactory has a scoring system, a leaderboard, and both public and private
programs, for which it extends a limited number of invitations.

Because of its European orientation, BountyFactory is great for finding companies, such as
OVH, Orange, and Qwant, that aren't on the popular, American-run alternatives. Many of
its clients are straight out of the French start-up scene.


Synack

Synack relies on a completely different business model from all the other programs we've
discussed.

As a private program that prides itself on its quality and exclusivity, Synack requires more
than just an email to become a researcher. The company asks for personal information,
requests a video interview, initiates a background and ID check, and conducts a skills
assessment to ensure its researchers are capable and responsible enough to audit
programs where they might come into contact with sensitive data (one of Synack's
specialties).
