Catch Me If You Can - Ephemeral Vulnerabilities in Bug Bounties
Offered By: 44CON Information Security Conference via YouTube
Course Description
Overview
Explore the concept of ephemeral vulnerabilities in bug bounty programs through this informative conference talk from 44CON 2018. Discover how the rapidly changing internet landscape, driven by cloud computing, creates brief windows of vulnerability in networks and applications. Learn about critical security flaws that exist only for short periods and how to identify and exploit them. Gain insights into continuous security assessment techniques, understand the root causes and impact of ephemeral vulnerabilities, and examine real-world examples from companies like Uber and Slack. Acquire knowledge on how to avoid these fleeting security risks and adapt to the shifting paradigm of cybersecurity in the modern digital era.
Syllabus
Intro
What Are Ephemeral Vulnerabilities?
Bug Bounties
Bounties Are Not Pen Tests
Getting Paid
Shifting To Continuous Security Assessment
Continuous Assessment
Root Causes of Ephemeral Vulnerabilities
Impact of Ephemeral Vulnerabilities
Evaluating AMPScript on Uber
Breaking Into "e-Commerce Company's" CI
Exposed Git Repository on Slack leading to Source Code and Secrets
Some More Examples
Avoiding Ephemeral Vulnerabilities
Taught by
44CON Information Security Conference
Related Courses
Supply Chain Unchained - How To Be A Bad SaaS (44CON Information Security Conference via YouTube)
Aviation Security 101 (44CON Information Security Conference via YouTube)
The Anti-Checklist Manifesto (44CON Information Security Conference via YouTube)
Why Are We Still Doing Authentication Wrong? (44CON Information Security Conference via YouTube)
What Do Hackers See When They Look at the Clouds (44CON Information Security Conference via YouTube)