The Bug bounty scene (and how to start with bug bounties)

Introduction

Starting on October 11th, @_dc151 began running a social event with lightning talks related to hacking. For the second event, held on 8th of November, I was asked to talk about my experience with bug bounties. Since it is a wide and interesting topic, I decided to start from the beginning and address some questions a beginner would have regarding the topic:

  1. What is a bug bounty?
  2. What is the difference between a bug bounty and a penetration test from the hacker and the customer's perspective?
  3. What kinds of bug bounty programs exist? Which one is better to start with?
  4. What are bug bounty platforms?
  5. A list of bug bounty platforms (Hackerone, Bugcrowd, Synack, Zerocopter, Cobalt, Dvuln & Intigriti)
  6. A description of the above-mentioned bounty platforms (pros & cons)
  7. When to start working on bug bounties?
  8. How to start? How to select a program?

The slides of the talk "The bug bounty scene (and how to start)" can be found here.