Shift left is the trend where developers introduce security checks as early as possible in the development lifecycle. Along with some other factors, it makes the software more secure. However, every time you introduce any component to the pipeline, you also introduce...
Bug Bounty
Top-Tier Bug Bounty Hunter Mindset
Over the years, Yassine Aboukir has transformed from reporting lots of NAs and Informationals to discovering lots of cool, impactful bugs and even receiving a Most Valuable Hacker award at a Live Hacking Event. In his recent talk, he described how he changed his...
Critical Thinking podcast and going full-time bug bounty
Critical Thinking is a fantastic podcast about bug bounty led by Justin Gardner (Rhynorater) and Joel Margolis (teknogeek). In particular, I recommend the 10th episode where Justin discusses going full-time bug bounty. One thing that caught my attention is how often...
NahamSec videos and NahamCon2023
NahamSec has been very active on YouTube recently, producing a lot of interesting videos like “2023 Web Hacking Roadmap // How To Bug Bounty”, “Learn Cybersecurity and Hacking Through CTF!”, “Cloud Hacking: The Basics” and “How To Pick Your Targets // How To Bug Bounty”. Also, he...
The Ultimate CVSS Guide for bug bounty
CVSS is a uniform way to describe the severity of a bug. It has received a lot of criticism for its flaws over the years. However, we still use it and we’ll keep using it for now. Not because it’s perfect but because we don’t have anything better. Incorrectly...
Triage from the other side – improve your reporting
What’s the most important part of a racecar? Things you probably think of are the engine, aero, chassis, brakes… But did you think about tires? Tires are the single thing sticking a racecar to the track and if you have bad tires then it doesn’t matter how great your...
What advice would top hackers give to beginners?
NahamSec asked an excellent question on Twitter recently. Here are some of the responses that I resonate with: https://twitter.com/NahamSec/status/1605592932458778625
How much money I made in my first year of bug bounty?
In bug bounty, we lack transparency, yet I think it can hugely benefit many people. It surely would have benefited me if I had seen transparent people at the beginning of my career. I decided to be transparent myself and I made a video about how my first year after quitting...
Excellent bug bounty tips from @Rhynorater
Justin Gardner recently wrote Twitter threads with excellent tips, some of them very uncommon. The first one was about a couple of things that he always checks when looking at a web application. The whole thread is really good but two things caught my attention: The...
Submitting High Quality Bug Bounty Reports – Tips from Behind the Curtain
Roy Davis is a security researcher and engineer with 20 years of pentesting and programming experience. He’s now managing Zoom’s bug bounty program and has some things to share with us about the bug bounty report lifecycle in a talk called “Submitting High Quality Bug...