- Hands-On Bug Hunting for Penetration Testers
- Joseph Marshall
- 2021-07-16 17:53:06
The Internet Bug Bounty Program
The Internet Bug Bounty Program (IBBP) sits somewhere between a third-party marketplace and an individual effort. The IBBP is a not-for-profit funded by big tech contributors such as Microsoft, Adobe, Facebook, and GitHub, for the purpose of protecting the integrity of core internet services. The technologies covered under its reward program are diverse: languages (Perl, Ruby, PHP), application frameworks (Django, Ruby on Rails), servers (NGINX, Apache HTTP), and cryptographic tools (OpenSSL) are all covered.
While this work is focused primarily on pentesting web applications as opposed to their more fundamental components, the IBBP is a great resource to keep in mind as your skills advance. The IBBP has been responsible for awarding payouts for some of the most high-profile bugs in the last decade, such as Heartbleed ($15k), ShellShock ($20k), and ImageTragick ($7.5k).