Setting up a Bug Bounty program
BUG BOUNTY PROGRAM: PRESENTATION & FEEDBACK
WHAT’S A BUG BOUNTY
▸A deal that rewards people for reporting bugs and security vulnerabilities
▸First appeared in 1995
▸Google: 2010
▸Rest of the world: 2011
▸No more consultants, audits, etc.
PRESENTATION
HACK YOURSELF BEFORE OTHERS DO
ADVANTAGES
▸Cheap
▸Pay as you go
▸Distributed
▸Transparency
▸Experts
DRAWBACKS
▸Bandwidth
▸Reactivity
▸Trust
FEEDBACK
HUNTER.IO
▸Distributed team of 5
▸No security expert on the team
▸Focused on UX and data quality, not on security
ANNOUNCEMENT
▸Rules (do not disturb the service, no automation, test with your own data, don’t publish until we have fixed the issue, etc.)
▸Rewards
▸What’s in scope and what’s not
▸How to report
RESULTS
▸More than 30 reports
▸7 rewards
▸About $2000 in bounties
▸A few disappointed hackers
▸An app tested and retested by dozens of hackers
KEY SUCCESS FACTORS
▸Be reactive
▸Be generous
▸Be kind
▸Be transparent
▸Be confident
SOURCES
▸https://hackerone.com/
▸https://bountyfactory.io
▸https://internetbugbounty.org/