Bug Bounties
Contents
A bug is a flaw in a program code that could possibly lead to security issues.
Bug bounties are a way for companies to encourage the public (with a financial reward) to find and report issues so that the vulnerabiliites can be fixed.
Scope
Companies often have a scope of vulnerabilities that they wish for you to investigate.
They would also have a list of things which they would not want for you to explore.
Process
- Find a suitable program
- Review the scape
- Find target
- Hit the target
- Write a report
- Submit the report
One of the tools, Fuzzing
Mutation based - generation based
Using AFL (mutation based)…
- bit flip
- byte flip
- arithmetics
- havoc
- trim