- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 2021-07-16 17:53:03
Bugcrowd
Bugcrowd (https://www.bugcrowd.com/) has a standard sign-up process and doesn't require any proof of experience to become a researcher. You can choose to make your profile public (so people can see the kudos points you've accumulated and general stats about your involvement) or keep it private.
Your page shows your rank, how many points you've accumulated, how many submissions you've made over time, and the accuracy of those submissions. It also displays the average severity of the vulnerabilities you've had rewarded, on a scale of low-moderate-high-critical. Bugcrowd also maintains a system for classifying vulnerabilities, called the Vulnerability Rating Taxonomy, in an effort to further bolster transparency and communication, as well as to contribute valuable and actionable content to the bug bounty community. For researchers specifically, the company contends the VRT help[s] program participants save valuable time and effort in their quest to make bounty targets more secure, helping them identify which types of high-value bugs they have overlooked.
Astute researchers will often specialize their skillset to become proficient at detecting a handful of bugs. As you work through the exercises and think about which strategies you'd like to dedicate time to, resources such as the VRT can help you triangulate that perfect intersection of effort and reward.
Bugcrowd uses metrics about your behavior, pulled from the last 90 days, to determine which researchers to invite to private bounty programs. These private programs are opened to a limited set of researchers, who are given a window of time in which to find vulnerabilities. These private programs are great because they mean fewer researchers combing through a particular site, and therefore more chances for you to discover bugs.
The company also provides a useful service where, every time you log in, Bugcrowd will set aside a relay email address for you at [username]@bugcrowdninja.com for the next 30 days. Sometimes program guidelines will ask you to create a testing account using this email so the participating company can monitor researchers, but regardless, they're a great resource. Because it's a Gmail-backed service, you can also use plus-addressing to vary the address if you need to spin up multiple accounts (for example, [username]+test1@bugcrowdninja.com and [username]+test2@bugcrowdninja.com), and mail to each variant still lands in the same relay inbox.
You can find a wide spectrum of businesses on Bugcrowd, covering every size and a variety of revenue models. The targets trend towards web applications, but there is also a smattering of mobile apps and the odd alternative listing.