How to Spot and Resolve Bugs in Applications

James Lyne’s top cyber security bug spotting tips

We’re moving! Come and find us on www.cyberstart.com/blog where you will find even more tips, tricks and industry support. See you there!

Part of being a cyber security professional is finding bugs and helping people fix them, following a strong code of ethics. So building up your skills in this area is really important!

Have you ever spotted a bug within an application? If you have, what did you do about it? Most people don’t know what to do, but as a cyber security expert in training, you need to make sure you do!

We sat down with CyberStart creator, James Lyne, to discuss the best method of explaining and resolving flaws in applications. Watch the video here…

What should you do if you spot a bug in an application

Top tips for spotting and resolving flaws in applications

1. Consider what to do with the bug you have found. It is up to you to decide if you would like to report the bug responsibly and ethically to the owner of the application. It is important in software security to give the vendor time to fix the situation before exposing the bug to the public or taking credit for the finding.
2. It is helpful to give as much information as possible to the vendor. This will maximise the chances of the flaw being fixed. For example, if you are working on Cyberstart Game tell us which base you are working on, which level and which challenge.
3. Additional helpful information includes, which operating system you are working on e.g. Linux, Mac or Windows, what browser you found the bug on e.g. Safari or Chrome and whether you are up to date with the latest software.
4. It is a good idea to create a step by step guide of how you found the bug. This will allow the vendor to find it and work on it as quickly as possible.
5. Take screenshots! Nothing is more helpful than the exact information a screenshot can provide. Even better, you could create a sample file to share with the vendor that would trigger the flaw.
6. Finally, you should consider if you should be sharing the information you have found on a secure channel. If your findings reveal sensitive information such as usernames and passwords, it is a good idea to contact the vendor first and discuss if they would like you to use a vetted channel to share this information.

Unfortunately, when it comes to security there is no state of 100% secure and bugs or defects may occur. If you want to work in cyber security, it’s essential you learn how to spot bugs early on and always remember to act ethically when you do!

If you find a suspected bug or flaw in any of our tools, please contact support@joincyberstart.com with the subject “Defect” and let us know as much as you can about the flaw.

Interested in our programmes? Check out where you can build your cyber security knowledge for free!

UK 13–18-year-old student programme: Cyber Discovery https://cyberdisc.io/medium

USA 13–18 year-old girls student programme: Girls Go CyberStart https://ggcs.online/medium

USA 18–year-old and above college student programme: Cyber FastTrack https://cyberft.io/medium