Hacking on Bug Bounties for Five Years | @infosec_au

Bug bounties have become an established process in organisations with a mature security posture. Over the last five years, we have been submitting vulnerabilities to companies in almost every industry. By participating in bug bounties over such a long period of time, there has been an evolution in the skills, reporting and payouts. There is a broad perception in bounties that there is a secret to unlock to be successful and only a handful of individuals are capable of that success. This presentation will break down why that is not the case. we will walk through all of my favourite bugs that we have found in the last five years, explaining step by step what led to the discoveries. We will discuss some of the lessons we have learned from our participation, and how you can replicate our success.