Video: Bug Hunting as a Second Income

EH-Net Live July 2018 - Bug Hunting as a Second Income - Haddix - Event ThumbVideo and Slide Deck from EH-Net Live! July 2018

When most think of selling bugs, they have visions of the underground hacking scene populated by nefarious characters using their 0-days for illegal activity. But what if you could get in on the bug hunting action without the worry of law enforcement? You can now!

Companies not only use 3rd party software that has bugs, but more and more they also have their own proprietary or custom code that most certainly has bugs. The new-school world of “bug bounty” has incentivized a whole new hacking scene, where companies can take advantage of white hat hackers to find these bugs for fame and nominal rewards. Companies are starting to learn it’s much cheaper to find them from internet-do-gooders than from a massive breach and before they have to pay crypto-currency to criminals.

It’s a seller’s market out there! In 2017, the CVE saw an increase of more than 128% from 2016. For 2018, the upward trend is already continuing. How do you get in on the action? Jason Haddix, VP at Bugcrowd, will give you the insider’s view of how it’s done.

Agenda for “Bug Hunting as a Second Income”

    • Intro by Don Donzal, EH-Net Editor-in-Chief
    • Preso by Jason Haddix
      • Bio
      • Bug Hunting 101 – Know your skillset
      • The common journey, web applications
      • The great equalizer, reporting
      • Focus – Best bang for the bug
      • Path to success
    • Q&A
    • Post Game in EH-Net in the new “Bug Hunting” Group

Full Video

Link to MP4

Slide Deck

EH-Net Live! - April 2018 - PDF Slide Deck DL

EH-Net Live! June 2018 – Guest Bio

EH-Net Live July 2018 - Bug Hunting as a Second Income - Haddix - PicJason Haddix, VP of Trust and Security at Bugcrowd, Inc.

I am passionate about information security. Not only is security my career focus but it’s my hobby. I absolutely love my job.

In my previous role as Director of Penetration Testing I led efforts on matters of information security consulting. The gamut stretched from developing test plans for Fortune 100 companies to competing in “bake-offs” to win business against other top tier consulting vendors.

In my current role I serve as the Director of our Application Security Engineers and Technical Operations. This means I am an extension of (and advisor to) over 300+ security programs across many industry verticals. Under my direction, my team has triaged over 15,000 vulnerabilities this year alone. We also strive to keep the relationship between vulnerability researcher and customer a good one.

While I never call myself a “master” of anything, I do have a very particular set of skills; skills I have acquired over a very long career. These skills make me adept at getting business, finding security vulnerabilities, and eventually leading a customer to a better security posture.

Jason is a regular columnist for EH-Net. See all articles by Jason Haddix.

See all EH-Net Live! Webinars.

*** This is a Security Bloggers Network syndicated blog from The Ethical Hacker Network authored by Don Donzal. Read the original post at: