+ 16

bug bounty hunters

what level of cybersecurity knowledge does one need to be considered a bug bounty hunter, and why do companies place huge bounties to get their softwares hacked

8th Jan 2020, 8:56 AM
xrezie
xrezie - avatar
7 odpowiedzi
+ 8
Program decompiling, reading the code to get the bug, creating your own exploit for the bug, and also creating a report about the bug on how it can be exploited and the threats it poses to the system. Companies invest so much for them to just get a software do what they want it to do. So putting a high price stake on it for bug hunting is just fair...and also a high price acts as a motivation to bug hunters to keep hunting. Happy coding😉 Keep coding🙏🏾
8th Jan 2020, 9:14 AM
Alfred Juma
Alfred Juma - avatar
+ 6
probably to test how good their software is
8th Jan 2020, 9:04 AM
ciselic
ciselic - avatar
+ 4
What level? For understanding how to search a bug, you need to know generally as much as possible. Why? Because companies need trust from their customers and because it costs less to pay bug bounty one time instead of losing money for cracked software
8th Jan 2020, 12:23 PM
Vlad V
Vlad V - avatar
+ 4
I found 4 bugs on huge companies with zero knowledge on programing. I just started to learn C. Bug hunting requires you to know basic networking and basic web vulnerabilities like OWASP top 10 to get you started. As for the huge bounties I don't think is enough in comparison to the economic damage one simple vulnerability could do to a company.
9th Jan 2020, 2:53 PM
Antonios Tsepouras
Antonios Tsepouras - avatar
+ 2
On why the pay so much. It is cheaper to reward bug bounty hunters for their efforts compared to the cost of their application being hacked by blackhats. On what is needed: An tech background in software development is add advantage as you would need to be able to study/read source codes and find flaws in the. Networking, cryptography, command line and regex are some of the skills to support you too.
9th Jan 2020, 1:52 PM
Kingsley Amadi
Kingsley Amadi - avatar
+ 1
o
8th Jan 2020, 1:07 PM
Ayush
+ 1
Aqui no Brasil, as empresas possuem equipes de Testes focadas em encontrar falhas no sistemas. As empresas que tiverem perdas de dados podem pagar multas altíssimas.
9th Jan 2020, 3:11 AM
Alex Jose Silva
Alex Jose Silva - avatar