Discover effective strategies for uncovering valuable vulnerabilities in established bug bounty programs through this insightful conference talk from Bugcrowd's LevelUp 2017. Learn how to approach recently joined programs that have been active for months, gaining valuable insights from the presenter's personal experiences and methodologies. Explore the differences between private and ongoing programs, understand the importance of swift action, and delve into techniques for navigating potential duplication issues. Gain a deeper understanding of program backgrounds, multiple testing approaches, and business considerations that can lead to successful bug submissions. Examine real-world examples and learn how to leverage user agent chains and mobile site testing to maximize your chances of finding hidden gems in older bug bounty programs.
Finding Hidden Gems in Old Bug Bounty Programs - Yappare, Bugcrowd's LevelUp 2017
Overview
Syllabus
Intro
About Me
Why this topic
Tips and Tricks
Private vs Ongoing
Private Bounty Email
Why you need to be fast
Issues in the first program
Difference between private and ongoing program
My approach
High potential of duplication
Main section
Understanding the background
Multiple tests
Duplicates
Business
Business Examples
Duplicate Submission
Duplicate Accepted
User Agents Chain
Mobile Site
I will dip em
Taught by
Bugcrowd
