Everybody gets clickjacked: Hard knock lessons on bug bounties

DerbyCon 4.0 - Family Rootz

Presented by: Jonathan Cran
Date: Sunday September 28, 2014
Time: 15:00 - 15:50
Location: Track 4

Ever wondered what kind of bugs are submitted to a bug bounty? Ever wanted to know how it feels to be extorted by a 15yr old kid in Bulgaria? What happens when you submit an RCE in a database server, but... it’s out of scope!?! What do you do when you start a bounty and your entire application stack is compromised… 30 minutes after you begin? Distilling 15,000 submissions and a whole lot of stories down into lessons for bug bounty providers and researchers alike, the presenter provides a unique perspective. Join us for a journey through the world of bug bounties and walk away armed with insider knowledge.

Jonathan Cran

