Hard Knock Lessons on Bug Bounties
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore hard-earned insights on bug bounty programs in this 43-minute conference talk from AppSecEU 2015 in Amsterdam. Delve into crucial aspects of managing bug bounties, including legal considerations, defining scope, preparing program briefs, and handling public and private programs. Learn how to address challenges such as out-of-scope submissions, issue reproduction, upstream vulnerabilities, and reward structures. Gain valuable knowledge on setting expectations, managing payouts, and navigating the complexities of bug bounty programs to enhance your organization's security posture.
Syllabus
Hard Knock Lessons On Bug Bounties
UNIVERSITY RAPID
2,888 Paid submissions (all time)
First things first
You're going to want to make friends with legal
What is in scope?
How bulletproof is your scope?
Preparing the brief
Sample Public Program
Sample Private Program
Public programs
When expectations aren't
How will you reward useful but out of scope submissions?
Can you reproduce the issue?
Handling upstream issues
What about swag rewards?
When are you going to payout?
Bumping rewards
Taught by
OWASP Foundation