Autonomy of bug hunting programs: how they are a better option for finding bugs
What is a bug bounty program?
It is an open platform for cyber security researchers, who can penetrate systems using their skill set and expertise. After finding a bug in a system, they provide a report that describes the bug. Finally, the company provides a reward.
A bug bounty program is an initiative and external task undertaken by organizations and private enterprises to reward the people who identify bugs and report them.
The bug bounty program, also known as a vulnerability rewards program (VRP), is a plain method in which an individual reports software bugs to the website and in return receives a reward. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of an organization’s vulnerability management strategy.
Many famous websites and web domains use the ethical method of bug bounties to find software vulnerabilities that are in further danger of being exploited.
The report submitted about the bug must include solid documentation proving the vulnerability and the threat that the bug poses to the website. After receiving sufficient proof of the bug, the company pays the white hat hackers and security experts for their work. The payment is made according to the difficulty of hacking the system, how much impact the bug might have on users and, most importantly, the size of the organization.
Areas of vulnerability
- Systems always have flaws
- Bugs can be found in source code
- Configuration issues can lead to compromise
How This Works
Mostly, there are several online web platforms that let companies and organizations launch their system awareness programs and send invitations to "security researchers", who work as white hat hackers and use their skills to find vulnerabilities in a particular area of the available domain.
Global Initiative for Bug Bounty Programs
A bug bounty hunter program is very important for any organization or private enterprise for establishing public interest by inviting those who have the skills, experience and knowledge.
A security researcher can find more bugs in a system, along with the probable causes that could compromise it.
Types of Vulnerability Assessment
- Static Web application
- Dynamic Web application
- Networking and system
- System Architecture
Top areas of vulnerability
- Application Vulnerability
- Buffer Overflow
- CRLF Injection
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Directory Traversal
- Failure to Restrict URL Access
- Insecure Cryptographic Storage
- Insufficient Transport Layer Protection
- LDAP Injection
- Malicious Code
- SQL Injection
- Misconfiguration
- Authentication problems
List of Platforms for Bug Bounty Programs
Big private enterprises have their own platforms for bug bounty programs, like Google, Intel, Facebook, Twitter, GitHub and Uber. Some governments are creating their own platforms for bug bounties, like DOD, NSA, CERT, NASA, AIR FORCE, etc.
Other private enterprises list their programs on third-party platforms such as:
- Bugcrowd
- Vulnerability Lab
- Bounty Factory
Cyber Security Hive is the best cyber security company in US, India, UAE, Dubai. We provide excellent cyber security services. We are also an active participant in cyber security bug bounty programs.