-
Notifications
You must be signed in to change notification settings - Fork 794
Philosophy
- looking mostly for common-ish vulns
- not competing with others
- incentivized for the count
- payment guaranteed and quality check based on an approximation
- looking for vulns that aren’t as easy to find
- racing vs. time
- competitive vs. others
- incentivized to find unique bugs
- payment based on impact not the number of findings
1st party bug bounties = Google Paypal, etc 2nd party bug bounties = Bugcrowd, H1, Synack, etc
Because competition is introduced; when working in a bug bounty it is essential to have templates set up for your "most found" classes of vulnerabilities. Obviously, custom vulnerabilities will always be custom writeups, but having a template for ones that come up often is essential. Protip: always remember to change the URLS and domains in the templates. Nothing will get a bug invalidated faster than stating the wrong domain or URLs in a report.
When designing these templates there are two really great resources to read:
https://blog.bugcrowd.com/advice-for-writing-a-great-vulnerability-report/ https://forum.bugcrowd.com/t/writing-a-bug-report-attack-scenario-and-impact-are-key/640