While I try to keep the content of the newsletter relevant for bug bounty, long-time subscribers know that I won’t resist sharing a cool cybersecurity story once in a while. And here’s one about the FBI conducting a massive, worldwide phone surveillance operation....
Non-technical
Bug Bounty and the 5 aspects of motivation
Motivation is something every single hunter struggles with. I’m no exception. If you’ve been following me for a while, you know I’ve been complaining about my hunting motivation, so I’m very interested in improving in this area. When I was younger, I used to think money...
A Recipe for Scaling Security from Google
I am passionate about finding bugs and, since you are reading this, you probably are, too. However, the truth is that on the scale of a huge company, fixing one bug is only one of a thousand steps that you would have to take to be secure. To take bigger steps than one...
Top 10 web hacking techniques of 2023 – the voting is on!
The voting for the 2023 Top 10 web hacking techniques has started, so go ahead and cast your vote. Also, the list of nominated articles is a good selection of 2023 posts you should read. https://portswigger.net/polls/top-10-web-hacking-techniques-2023
Web AppSec Interview Questions
If you are getting ready for a job interview and you need to prepare yourself for the questions, @0xTib3rius has your back. He published a list of 55 questions on his blog, along with answers. https://tib3rius.com/interview-questions There’s also a repo here with more...
Client-side vs server-side bugs
A very interesting take on client-side vs server-side bugs by Shubs. He said a similar thing in my podcast interview with him which you can listen to here. https://twitter.com/infosec_au/status/1698322940159557987
Public Office Hours by Louis Nyffenegger
Louis Nyffenegger is a founder of PentesterLab. Even though I don’t know him personally, I have big respect for him as a hacker, a teacher and a person. He just decided to offer public office hours where you can chat about careers, learning or even startups. I...
Whose Input Is It Anyways? by Rael Sasiak-Rushby
Rael Sasiak-Rushby presented a talk titled “Whose Input Is It Anyways?” at BSides Leeds. The talk was interesting to me because he focused on working with developers and understanding their struggles. It will be especially useful for those of you who...
Applying a growth mindset in bug bounty
One of the main things that differentiates pentesting from bug bounty is the importance of mindset. What you are looking for is the so-called growth mindset. Without it, you will not succeed in bug bounty over the long term with a healthy mind. Recently, Andrew...
How to choose a security research topic?
Incredibly, James Kettle produces novel web security research every single year. I have huge respect for him! And I, probably like you, sometimes think about spending some time away from my targets to instead invest it in developing new techniques. But...