Page 44 - Hands-On Bug Hunting for Penetration Testers

Choosing Your Hunting Ground                                                Chapter 2

Summary

This chapter discussed the criteria you can use to evaluate bug bounty marketplaces, programs, and individual pentesting targets. It covered different types of programs, their distinguishing features, and some of the basics of the bug bounties offered by Amazon, Facebook, Google, GitHub, and Microsoft, along with the learning resources and the general value of third-party bug bounty marketplaces such as Bugcrowd, HackerOne, Vulnerability Lab, BountyFactory, and Synack. It also went over the appeal of swag reward programs, the unique role of the Internet Bug Bounty program, the nature of Coordinated Vulnerability Disclosure and the risks of using third-party brokers, along with how the Rules of Engagement/code of conduct can differ between bug bounty programs. Finally, it covered setting up systems and processes within your own pentesting engagements to abide by those rules and protect yourself as much as possible.



Questions

1. What are some differences between third-party marketplaces such as Bugcrowd and bug bounty programs offered by individual companies?
2. Is it worth it to participate in programs that reward vulnerabilities with swag? Why or why not?
3. What's a private bug bounty program?
4. What are some resources you can use to find programs not covered in this chapter?
5. What makes a site more or less attractive as a hunting ground for reward-eligible bugs?
6. What is coordinated vulnerability disclosure?
7. What steps can you take to minimize your legal liability during a pentesting session?


[ 29 ]