A bug bounty program is a deal offered by many websites and software vendors under which any ethical hacker can receive recognition and a reward for reporting bugs, especially exploitable vulnerabilities. In other words, a bug bounty is a reward paid by a company when someone identifies and responsibly reports a security flaw in its software or service. In this blog we are going to talk about 5 rules for running a successful bug bounty hunt.
Some of the Bug bounty platforms are given below:
Bugcrowd
Hackerone
Synack
Hackenproof
BountyFactory
1- Always read the Source Code: If you are trying to find bugs in an application, the first thing to do is read whatever source code you can get hold of. For a web target that is usually the client-side code the browser downloads (scripts, bundles, source maps if they were shipped by mistake); for an open-source project it is the repository itself. Reading it shows you how components interact, which API endpoints and parameters exist, what the interface expects, and sometimes things that should never have been published: hard-coded keys, debug endpoints and "TODO: remove before release" comments. These are some kinds of source code you will commonly come across:
- C++
- JavaScript
- ES6 (modern JavaScript syntax, often shipped as a transpiled bundle)
- CoffeeScript (compiles to JavaScript; the compiled output is what you will see in the browser)
- Shell Script
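As an added example (not code from the original post), here is a small triage script for the client-side JavaScript case: it pulls quoted endpoints, credential-shaped strings and developer notes out of a bundle so you can review them before touching the target. The bundle text, the api.example.test host, the paths and the key values are all constructed for this example; the AWS key is Amazon's documented placeholder, not a live credential.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of a client-side bundle (hypothetical app; host, paths
# and key values are made up for this example).
SAMPLE_BUNDLE = r"""
const API = "https://api.example.test/v2";
fetch(API + "/users/me", {headers: {"X-Api-Key": "AKIAIOSFODNN7EXAMPLE"}});
axios.post("/internal/admin/export", {format: "csv"});
// TODO: remove before release
const debugEndpoint = '/debug/dump?token=' + localStorage.getItem('t');
const config = { apiKey: "9f8e7d6c5b4a39281716151413121110" };
const stripeKey = "sk_live_abcdefghijklmnopqrstuvwx";
"""

# Quoted absolute URLs or root-relative paths: candidate API endpoints.
ENDPOINT_RE = re.compile(r"""["'`](https?://[^"'`\s]+|/[A-Za-z0-9_./?=&-]+)["'`]""")

# Credential shapes worth flagging. The generic rule is deliberately narrow
# (16+ token characters after an "api key" style name) to keep noise down.
SECRET_PATTERNS: List[Tuple[str, "re.Pattern[str]"]] = [
    ("aws_access_key_id", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("stripe_live_key", re.compile(r"\bsk_live_[0-9a-zA-Z]{24}\b")),
    ("generic_api_key", re.compile(
        r"""(?i)\bapi[_-]?key\b["']?\s*[:=]\s*["']([A-Za-z0-9_\-]{16,})["']""")),
]

# Developer notes that often mark unfinished or debug-only code paths.
COMMENT_RE = re.compile(r"//\s*((?:TODO|FIXME|HACK|XXX)\b.*)")


def triage(js: str) -> Dict[str, list]:
    """Return endpoints, (label, value) secrets and developer notes found in `js`."""
    endpoints = sorted(set(ENDPOINT_RE.findall(js)))

    # Dedupe by value so a key matched by two rules is reported once,
    # under the most specific label (patterns are ordered specific first).
    secrets: Dict[str, str] = {}
    for label, pattern in SECRET_PATTERNS:
        for m in pattern.finditer(js):
            value = m.group(1) if m.lastindex else m.group(0)
            secrets.setdefault(value, label)

    comments = COMMENT_RE.findall(js)
    return {
        "endpoints": endpoints,
        "secrets": [(label, value) for value, label in secrets.items()],
        "comments": comments,
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_BUNDLE).items():
        print(key)
        for item in items:
            print("  ", item)
```

Every hit is a lead, not a finding: an endpoint still has to be requested with and without authentication, and a key has to be shown to be valid and in scope before it is worth reporting.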
2- Try to take over Subdomains: Subdomain takeover is the process of claiming the target of a dangling DNS record, most often a CNAME that still points at a domain nobody owns any more, so that you control what is served for a subdomain of the target. The most common scenario runs as follows:
- A domain name (e.g., sub.xyz.com) uses a CNAME record pointing at another domain (e.g., sub.xyz.com CNAME anotherdomain.com).
- At some point in time, anotherdomain.com expires and becomes available for registration by anyone.
- Since the CNAME record is never deleted from the xyz.com DNS zone, whoever registers anotherdomain.com has full control over sub.xyz.com for as long as that CNAME record remains.
Check the program rules before claiming anything: most programs want a harmless proof (for example a text file served from the claimed host), not a live phishing page.
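The check a hunter would run over a list of candidate subdomains, as an added example that is not part of the original post: follow each CNAME chain and flag the names whose chain ends in a target that no longer resolves. The DNS answers are a constructed table of hypothetical names (the xyz.example zone, anotherdomain.example and the loop names are made up), and the resolver is injected so the logic runs offline; against a real target you would plug in a function that performs the actual lookups.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Constructed zone data standing in for live DNS answers (all names are
# hypothetical). Each name maps to (record_type, target); None means NXDOMAIN.
FAKE_DNS: Dict[str, Optional[Tuple[str, str]]] = {
    "www.xyz.example": ("A", "203.0.113.10"),
    "blog.xyz.example": ("CNAME", "hosted.blogplatform.example"),
    "hosted.blogplatform.example": ("A", "203.0.113.20"),
    "old.xyz.example": ("CNAME", "anotherdomain.example"),
    "anotherdomain.example": None,          # expired domain: NXDOMAIN
    "cdn.xyz.example": ("CNAME", "loop-a.example"),
    "loop-a.example": ("CNAME", "loop-b.example"),
    "loop-b.example": ("CNAME", "loop-a.example"),
}

# A resolver returns the first record for a name, or None on NXDOMAIN.
Resolver = Callable[[str], Optional[Tuple[str, str]]]


def fake_resolve(name: str) -> Optional[Tuple[str, str]]:
    """Offline stand-in for a DNS lookup, backed by FAKE_DNS."""
    return FAKE_DNS.get(name)


def check_takeover(name: str, resolve: Resolver, max_hops: int = 8) -> Tuple[str, List[str]]:
    """Follow the CNAME chain from `name` and classify it.

    Returns (status, chain) where status is one of:
      'ok'        chain ends in an address record
      'nxdomain'  the name itself does not exist (dead name, not a takeover)
      'dangling'  a CNAME target behind the name does not resolve: takeover candidate
      'loop'      CNAME cycle or more than max_hops hops
    """
    chain = [name]
    current = name
    for _ in range(max_hops):
        rr = resolve(current)
        if rr is None:
            return ("nxdomain" if current == name else "dangling", chain)
        rtype, target = rr
        if rtype != "CNAME":
            return ("ok", chain)
        if target in chain:
            return ("loop", chain + [target])
        chain.append(target)
        current = target
    return ("loop", chain)


def find_dangling(names: List[str], resolve: Resolver) -> List[Tuple[str, List[str]]]:
    """Return (name, chain) for every name whose chain points at a dead target."""
    results = []
    for name in names:
        status, chain = check_takeover(name, resolve)
        if status == "dangling":
            results.append((name, chain))
    return results


if __name__ == "__main__":
    for name, chain in find_dangling(list(FAKE_DNS), fake_resolve):
        print(f"{name}: {' -> '.join(chain)} (last hop does not resolve)")
```

NXDOMAIN on the last hop is necessary but not sufficient: the expired domain also has to be registrable (check it with WHOIS/RDAP before getting excited), and many real takeovers are the other variant where the CNAME target still resolves to a hosting provider but the provider answers "no such app/bucket" because the resource was deprovisioned. That second case needs a fingerprint of the provider's error page rather than a DNS check.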
3- Always check the back-end CMS and back-end language: Before hunting for bugs in an application, work out what it is built on. The backend language and framework decide which bug classes are plausible (deserialization in Java and .NET, type juggling and include bugs in PHP, mass assignment in Rails) and which default files, error pages and session cookie names to look for. Common backend stacks are PHP, Java, .NET and Ruby, usually in front of a database such as MySQL; HTML is only the markup the server emits, not a backend language. Response headers (Server, X-Powered-By, X-Generator), default session cookie names (PHPSESSID, JSESSIONID, ASP.NET_SessionId) and CMS-specific paths are the quickest way to fingerprint the stack.
4- Google Dorks are very helpful: Google dorking, also known as Google hacking, is a technique that uses advanced search operators (site:, inurl:, filetype:, intitle: and so on) to find pages and files a target has exposed to the search engine's index. It is a cheap first reconnaissance step: it saves time, and it frequently surfaces information that organizations have put on the Internet without realizing it. Google dorking can return usernames and passwords, email lists, sensitive documents, backup files, and vulnerable pages such as exposed admin panels or error pages. Remember that an indexed file is still in scope only if the program says so.
5- Check each request and response: Once you are inside the website, examine every request and response and work out how the infrastructure behaves: how sessions and authentication are handled (cookie names and flags, token lifetime, what happens after logout), and what kind of CSRF protection exists, if any (hidden tokens in forms, custom headers, SameSite cookies). Also use negative testing, sending malformed or unexpected input on purpose to trigger errors: verbose error messages often leak internal paths, framework versions and SQL fragments that point you at the next bug.
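The response analysis behind rules 3 and 5, as an added example that is not part of the original post: one pass over a captured HTTP response that fingerprints the backend from headers and default cookie names, flags session cookies set without Secure/HttpOnly/SameSite, and lists POST forms that carry no hidden anti-CSRF field. The response, its cookies and the two forms are constructed for this example; the cookie-name table covers a few well-known framework defaults and is not exhaustive.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed response from a hypothetical target (headers, cookies and HTML
# are made up for this example).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.24.0\r\n"
    "X-Powered-By: PHP/8.1.2\r\n"
    "Set-Cookie: PHPSESSID=8c3f1b2e; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>"
    "<form method=\"post\" action=\"/account/email\">"
    "<input type=\"hidden\" name=\"csrf_token\" value=\"d41d8cd9\">"
    "<input name=\"email\"></form>"
    "<form method=\"post\" action=\"/account/delete\">"
    "<input name=\"confirm\" value=\"yes\"></form>"
    "</body></html>"
)

# Default session cookie names are a strong hint about the backend stack.
SESSION_COOKIE_HINTS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "laravel_session": "PHP (Laravel)",
    "csrftoken": "Python (Django)",
}
FINGERPRINT_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
SESSION_COOKIE_RE = re.compile(r"(?i)sess|sid|token|auth")
CSRF_NAME_RE = re.compile(r"(?i)csrf|xsrf|token|nonce|authenticity")
FORM_RE = re.compile(r"<form\b([^>]*)>(.*?)</form>", re.I | re.S)
INPUT_RE = re.compile(r"<input\b[^>]*>", re.I)

Headers = List[Tuple[str, str]]


def parse_response(raw: str) -> Tuple[str, Headers, str]:
    """Split a raw HTTP/1.1 response into status line, lowercased headers and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def fingerprint(headers: Headers) -> List[str]:
    """Collect stack hints from version headers and known session cookie names."""
    hints = []
    for name, value in headers:
        if name in FINGERPRINT_HEADERS:
            hints.append(f"{name}: {value}")
        elif name == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            if cookie_name in SESSION_COOKIE_HINTS:
                hints.append(f"cookie {cookie_name}: {SESSION_COOKIE_HINTS[cookie_name]}")
    return hints


def audit_cookies(headers: Headers) -> List[str]:
    """Flag session-like cookies that lack the attributes limiting theft and CSRF."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        if not SESSION_COOKIE_RE.search(cookie_name):
            continue
        for required in ("secure", "httponly", "samesite"):
            if required not in attrs:
                findings.append(f"{cookie_name} missing {required}")
    return findings


def _attr(tag: str, name: str) -> Optional[str]:
    m = re.search(rf"""\b{name}\s*=\s*["']?([^"'\s>]+)""", tag, re.I)
    return m.group(1) if m else None


def audit_forms(body: str) -> List[str]:
    """Return the action of every POST form that has no hidden anti-CSRF field."""
    findings = []
    for m in FORM_RE.finditer(body):
        attrs, inner = m.group(1), m.group(2)
        if (_attr(attrs, "method") or "get").lower() != "post":
            continue
        hidden = [_attr(tag, "name") or "" for tag in INPUT_RE.findall(inner)
                  if (_attr(tag, "type") or "").lower() == "hidden"]
        if not any(CSRF_NAME_RE.search(n) for n in hidden):
            findings.append(_attr(attrs, "action") or "?")
    return findings


def analyze(raw: str) -> Dict[str, List[str]]:
    status, headers, body = parse_response(raw)
    return {"status": [status], "stack": fingerprint(headers),
            "cookies": audit_cookies(headers), "csrf_candidates": audit_forms(body)}


if __name__ == "__main__":
    for key, items in analyze(SAMPLE_RESPONSE).items():
        print(key, items)
```

A form without a hidden token is a candidate, not a CSRF bug: the application may rely on a custom header, a SameSite cookie or a double-submit cookie instead, which is exactly why the cookie audit and the form audit belong in the same pass.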
Keep your mind active and think outside the box.