+15

bug bounty hunters

What level of cybersecurity knowledge does one need to be considered a bug bounty hunter, and why do companies place huge bounties to get their software hacked?

1/8/2020 8:56:30 AM

xrezie

7 Answers


+8

Program decompiling, reading the code to get the bug, creating your own exploit for the bug, and also creating a report about the bug on how it can be exploited and the threats it poses to the system. Companies invest so much just to get software to do what they want it to do. So putting a high price stake on it for bug hunting is just fair... and a high price also acts as motivation for bug hunters to keep hunting. Happy coding😉 Keep coding🙏🏾

+6

Probably to test how good their software is.

+4

What level? To understand how to search for a bug, you need to know generally as much as possible. Why? Because companies need trust from their customers, and because it costs less to pay a bug bounty one time than to lose money on cracked software.

+2

On why they pay so much: it is cheaper to reward bug bounty hunters for their efforts compared to the cost of their application being hacked by blackhats. On what is needed: a tech background in software development is an added advantage, as you would need to be able to study/read source code and find flaws in it. Networking, cryptography, command line and regex are some of the skills to support you too.

+2

I found 4 bugs on huge companies with zero knowledge of programming. I just started to learn C. Bug hunting requires you to know basic networking and basic web vulnerabilities like the OWASP Top 10 to get you started. As for the huge bounties, I don't think it is enough in comparison to the economic damage one simple vulnerability could do to a company.

+1

+1

Here in Brazil, companies have testing teams focused on finding flaws in their systems. Companies that suffer data loss can pay extremely high fines.