Practical Tips for Running a Successful Bug Bounty Program


OWASP Foundation via YouTube


YouTube videos curated by Class Central.

Classroom Contents


  1. Intro
  2. Grant
  3. Netscape "Bugs Bounty"
  4. An (Abbreviated) History of Bug Bounties Since 1995
  5. Do you really want to let people attack you?
  6. Who are these people?
  7. The Value of Crowdsourced Testing
  8. Overview
  9. But you never mentioned paying rewards!
  10. Touch the code, pay the bug.
  11. but first, Step 0
  12. Scope
  13. Focus
  14. Exclusions
  15. This is what a shared environment looks like...
  16. Access
  17. Manage Expectations
  18. Communication is Key
  19. Coordinated Disclosure
  20. Define a Vulnerability Rating Taxonomy (VRT)
  21. The Regular Methodologies
  22. The Bughunter's Methodology
  23. Consider the business impact!
  24. Remember what it's all about.
  25. Case Study: Instructure
