Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Hard Knock Lessons on Bug Bounties

OWASP Foundation via YouTube

Overview

Explore hard-earned insights on bug bounty programs in this 43-minute conference talk from AppSecEU 2015 in Amsterdam. Delve into crucial aspects of managing bug bounties, including legal considerations, defining scope, preparing program briefs, and handling public and private programs. Learn how to address challenges such as out-of-scope submissions, issue reproduction, upstream vulnerabilities, and reward structures. Gain valuable knowledge on setting expectations, managing payouts, and navigating the complexities of bug bounty programs to enhance your organization's security posture.

Syllabus

Hard Knock Lessons On Bug Bounties
UNIVERSITY RAPID
2,888 Paid submissions (all time)
First things first
You're going to want to make friends with legal
What is in scope?
How bulletproof is your scope?
Preparing the brief
Sample Public Program
Sample Private Program
Public programs
When expectations aren't
How will you reward useful but out of scope submissions?
Can you reproduce the issue?
Handling upstream issues
What about swag rewards?
When are you going to payout?
Bumping rewards

Taught by

OWASP Foundation

Reviews

Start your review of Hard Knock Lessons on Bug Bounties

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.