Page 37 - Hands-On Bug Hunting for Penetration Testers
Chapter 2: Choosing Your Hunting Ground

            Amazon

            Amazon has vulnerability programs for both its e-commerce and cloud services divisions.

An important point is that Amazon requires you to register and ask for permission before
conducting any sort of pentesting engagement. This is critical, and a key way in which the company
differs from some of its competitors. Instead of an open-ended participation model where,
as long as you abide by the rules of engagement, you can expect immunity, Amazon
enforces a permissions-first model to better contain pentesting activity and to distinguish
white-hat from black-hat activity. In practice, this means that testing an Amazon or AWS
target without prior authorization is not covered by the program, no matter how carefully you
stay within the usual rules of engagement.

            Amazon has a multitude of white papers, blog posts, and documentation on how security
            works within Amazon, but less material than Facebook or Google to help with penetration
            testing or bug bounty participation generally.


            GitHub


GitHub offers a bounty program that covers a wide array of its properties, including the
API, the enterprise app, and the main Rails site (https://github.com), with payouts ranging from
$555 to $20,000 for most of those targets.
One neat feature of the GitHub program is that each participant who successfully submits a
bounty receives a profile page that, in addition to showing the points they've
accumulated, their rank, and their earned badges, lists their reported vulnerabilities with a short
technical blurb about each one. Like the published submission reports on other platforms,
any technical detail about a successfully discovered vulnerability is an invaluable insight
into winning strategies, both in general and for the site in question.
            And if you're looking to parlay finding bugs into a larger career in security, profile pages
            such as the ones offered by GitHub, Bugcrowd, and HackerOne can be great bullet points
            on your resume.



            Microsoft
Microsoft has a rewards program covering both its stable of consumer software and its web-app
products, such as its cloud offering, Azure. The Microsoft Bounty Program site goes into
detail about submission-report formatting, showing examples of both good and bad
specimens, and has detailed, specific testing guidelines for every Microsoft property
included. But there isn't a deep reserve of learning material from a general pentesting
perspective, and there is less in the way of community. Microsoft, like many other companies, has
its own public leaderboard and ranking system.

