Bug bounty: how to win the race against black-hat hackers?

eric therond
Jul 9 · 14 min read
Example of a bug report on the yeswehack.com bug bounty platform
Example of a naive mod_security rule written automatically from the data of a bug report
Example of a naive PHPUnit test case written automatically from the data of a bug report
Example of naive parsing of logs with the data from a bug report
Example of rules from https://bugcrowd.com/mastercard
Different steps to attract and retain the best hackers
A bug-bounty-by-design process: continuous testing starts as soon as a new subdomain is created, then runs on every change to the website, until its end of life.
What motivates bug hunters?
OWASP to CVSS tool
How do I determine the bounty amount?
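The two captions above about a naive mod_security rule and naive log parsing derived from a bug report describe the same idea: once a report lands, its data (affected path, parameter, payload) can be turned mechanically into a temporary WAF block and into a search of the access logs for anyone who tried the same thing before the report arrived. The following is an added example, not code from the article or from any bug bounty platform. The report fields, the rule id, the log lines and the helper names (`modsec_rule`, `find_prior_attempts`) are all constructed for the illustration; it generates a ModSecurity `SecRule` chain and scans combined-format access log lines.

```python
"""Added example: derive a virtual patch and a log search from bug report data.

Input is the kind of data a bug report carries (method, path, parameter,
payload). Output is (1) a naive ModSecurity rule blocking that exact payload
on that path and (2) the access-log entries that already carried the payload.
All report fields, identifiers and log lines below are constructed.
"""

import re
from urllib.parse import unquote

# Constructed bug report; the identifier is a placeholder, not a real report.
REPORT = {
    "id": "REPORT-0001",
    "method": "GET",
    "path": "/search",
    "param": "q",
    "payload": "<script>alert(1)</script>",
}

def modsec_rule(report, rule_id=900001):
    """Return a naive ModSecurity chained SecRule for the reported issue.

    First rule: request targets the reported path; disruptive actions live here
    because in a chain they fire only when every link matches.
    Second rule: the reported parameter contains the reported payload after one
    URL-decoding pass. Assumed rule id range 9000xx is free in your config.
    """
    # Double quotes and backslashes must be escaped inside a SecRule string.
    payload = report["payload"].replace("\\", "\\\\").replace('"', '\\"')
    return (
        f'SecRule REQUEST_URI "@beginsWith {report["path"]}" '
        f'"id:{rule_id},phase:2,chain,deny,status:403,log,'
        f'msg:\'Virtual patch for {report["id"]}\'"\n'
        f'    SecRule ARGS:{report["param"]} "@contains {payload}" '
        f'"t:none,t:urlDecodeUni"'
    )

# Constructed Apache/nginx combined-format access log lines.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Jul/2019:10:12:01 +0000] "GET /search?q=shoes HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Jul/2019:22:41:09 +0000] "GET /search?q=%3Cscript%3Ealert%281%29%3C%2Fscript%3E HTTP/1.1" 200 4880 "-" "curl/7.64.0"
203.0.113.9 - - [04/Jul/2019:08:00:00 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.7 - - [05/Jul/2019:01:15:30 +0000] "POST /search HTTP/1.1" 200 4880 "-" "python-requests/2.22"
"""

# Client IP, timestamp, request line (method + target) and status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def parse_log_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    path, _, query = entry["target"].partition("?")
    entry["path"] = path
    # One decoding pass, mirroring the t:urlDecodeUni in the WAF rule.
    entry["query"] = unquote(query)
    return entry

def find_prior_attempts(report, log_text):
    """Return (ip, timestamp) for requests to the reported path carrying the payload.

    Naive on purpose: exact substring match on the decoded query string only.
    POST bodies are not in access logs, so the last sample line cannot be judged.
    """
    hits = []
    for line in log_text.splitlines():
        entry = parse_log_line(line)
        if entry is None or entry["path"] != report["path"]:
            continue
        if report["payload"] in entry["query"]:
            hits.append((entry["ip"], entry["ts"]))
    return hits

if __name__ == "__main__":
    print(modsec_rule(REPORT))
    for ip, ts in find_prior_attempts(REPORT, SAMPLE_LOG):
        print(f"possible earlier exploitation from {ip} at {ts}")
```

Both outputs are deliberately naive, as the captions say: the rule blocks one literal payload on one parameter and a trivially altered variant walks past it, and the log search only sees what the access log records. They buy time for triage and give incident response a starting point; the actual fix still has to go into the application.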
