
Why bug bounty hunters love the thrill of the chase

Ryan Francis | Nov. 13, 2014
The financial reward of hunting for bugs is nice, but these White Hat hackers often find holes for companies simply because they love the challenge. What motivates them? And how can you get involved?

The mistakes these bug bounty hunters find most often are basic configuration errors or missing security best practices. Among the more severe bugs, classic web vulnerabilities like Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) are not uncommon.

Most development frameworks take care of basic XSS and CSRF issues. The hunters have also noticed a decrease in SQL injection bugs, which can be attributed to ORMs and prepared statements: both bind user input as a parameter instead of splicing it into the query text, so the input can never change the structure of the SQL being run.
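The following is an added example, not code from the article or from any of the hunters it quotes, showing the two bug classes this paragraph names side by side: a login check that concatenates user input into SQL next to the same check as a prepared statement, and a greeting that reflects input into HTML next to the escaped form a framework would emit. The users table, the credentials and the two attacker payloads are constructed sample data for the demonstration; only the Python standard library (sqlite3, html) is used, so it runs offline.

```python
"""Added example (not from the article): why prepared statements stop SQL
injection and why output encoding stops reflected XSS.

The users table, the credentials and the attacker payloads below are
constructed for this demonstration.
"""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct-horse"), ("bob", "battery-staple")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Builds the query by string concatenation, so attacker-controlled
    text becomes part of the SQL grammar (the classic SQL injection bug)."""
    query = (
        "SELECT COUNT(*) FROM users WHERE name = '" + name +
        "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Prepared statement: the driver binds the values after the SQL has
    been parsed, so the quote and OR in a payload are data, never syntax."""
    query = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone()[0] > 0


# Tautology payload: closes the password string and appends a condition
# that is always true. AND binds tighter than OR, so the concatenated
# query becomes (name='alice' AND password='') OR ('1'='1') -> every row.
SQLI_PAYLOAD = "' OR '1'='1"


def render_greeting_vulnerable(name: str) -> str:
    """Reflects user input straight into HTML (reflected XSS)."""
    return "<p>Hello, " + name + "</p>"


def render_greeting_safe(name: str) -> str:
    """What framework auto-escaping does for you: encode the HTML
    metacharacters so the browser renders the input as text."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


XSS_PAYLOAD = "<script>alert(1)</script>"


def demo() -> dict:
    """Run both login variants and both renderers against the payloads and
    return the outcomes so a reader (or a test) can check them."""
    conn = make_db()
    return {
        "vuln_login_with_payload": login_vulnerable(conn, "alice", SQLI_PAYLOAD),
        "safe_login_with_payload": login_safe(conn, "alice", SQLI_PAYLOAD),
        "safe_login_real_creds": login_safe(conn, "alice", "correct-horse"),
        "vuln_html": render_greeting_vulnerable(XSS_PAYLOAD),
        "safe_html": render_greeting_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running it shows the concatenated login accepting the tautology payload with no valid password, the parameterized login rejecting it while still accepting the real credentials, and the `<script>` tag surviving only in the unescaped rendering. An ORM generates the parameterized form for you, which is why the hunters see fewer of these bugs on framework-backed sites; hand-built queries and raw template output are where they still turn up.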

"Security is about practice. Try and try again, and keep trying, and keep learning new things," Singer added. "I see some researchers jump in headfirst and try to hack everything in sight. Best of luck to them, but in reality it is not that simple."

The bug bounty hunters cautioned against testing a site for vulnerabilities without first getting authorization from its owner. Platforms like Bugcrowd can help set up the legal documentation that protects the bounty hunters.
