
A Bug Hunter's Way of Assessing Web App Security

BSidesROC · 2025 · 48:53 · 238 views · Published 2025-03
Speakers: Saurabh Singh
Tags: Category: Technical · Team: Red · Style: Talk
About this talk
Saurabh Singh, an experienced bug hunter and penetration tester, walks through the practical methodology and tooling used to assess web application security. The talk covers reconnaissance techniques, manual code review approaches, and common vulnerability classes including path traversal, authorization bypasses, file inclusions, and hardcoded credentials—drawing on OWASP and SANS frameworks—while emphasizing ethical disclosure and responsible engagement guidelines.
Original YouTube description
This session will delve into the methodology employed by bug hunters and penetration testers to assess the security of web applications. By focusing on practical techniques and an overview of tools, the talk will empower attendees with actionable knowledge to find vulnerabilities and enhance the overall security of their applications. The session will focus on what can be achieved by using such tools during assessments to find security issues and automate tasks. This session will also focus on understanding multiple types of vulnerabilities from OWASP, SANS and business logic flaws.
Transcript [en]

He is an experienced bug hunter and penetration tester with over six years of experience in identifying critical vulnerabilities across web applications within the BFSI sector, having contributed to bug bounty programs and security communities. His expertise includes delivering IT security consulting, best practices and standards implementation, S and D, vulnerability assessment, penetration testing and regulatory compliance. So, welcome. [Applause]

Thank you, Katherine. So before we begin: how many of you have literally hacked anything in your life? What have you hacked, sir? Yep, you. Okay, so brute force: you have logged out of an account, specifically? Yeah, okay. Someone else here? What did you do, sir?

Okay, all right, that's interesting. So, talking about hacking in terms of bug bounty hunters specifically: whenever you think that some application or some website is getting hacked, that's where a real hacker comes into the picture, and that goes hand in hand with being a bug hunter. Normally you would call that a black hat hacker; as a bug hunter you also try to hack into the system, but without letting the FBI come to your house. So you ethically report them. As a bug hunter you have to ethically report the observations or the loopholes you have found in any sort of application or organization, whatever it is.

So what we do as bug hunters is a security review of any sort of application: be it mobile, Android, iOS, be it source code reviews, be it cloud security, things like that, whatever assets the organization has. You literally test it out, you literally exploit it, and see what exactly you can do with that particular data or that particular application. So after exploiting it you get to know that this particular web application is vulnerable to some authentication bypass: the application is not handling authentication properly, you are able to bypass the authentication, you are getting into the system without any authentication. Or maybe on a banking application you are able to send funds to anyone without even having an account in that particular bank, right? So as a bug hunter you specifically have to review these applications, review these endpoints, and see what kind of things you can literally exploit and whether there are any loopholes there or not.

That's what we are going to do today: we are going to focus more on manual pen testing, what you can literally do, what kind of vulnerabilities you can explore, and there are multiple business use cases that you can bypass that we cannot cover here. And lastly, ethical reporting; that is what you have to keep in mind, because if you hack someone and you are not going to report to them, not going to let them know that these kinds of things are there in their application, and then after checking their logs they get to know that you have hacked them, I'm sure someone is going to come to your home, of course.

So let's start. As Katherine has already mentioned, my name is Saurabh. I have six plus years of experience in application security, doing pen testing, vulnerability assessments, digital forensic readiness reviews. Apart from that I have secured more than 80 organizations, including Apple, Google, Meta, which is now Facebook, Microsoft, Amazon, MasterCard, Visa; the list goes on. So as a bug hunter, the curious mind never dies, never ends. The more you do, the more you get addicted to it. Okay, so the objectives: specifically in this talk we will try to understand how the program guidelines work.

As a bug hunter there have to be some guidelines for you. Take any organization, let's say Walmart or any sort of e-commerce website as an example: whenever they maintain a responsible disclosure or bug bounty program, they rely upon the bug hunter, blindly trust, in that sense, that this particular hacker or bug hunter who is finding vulnerabilities will properly report to them and let them know that these kinds of things are there, and of course would not exfiltrate the data, take the data out of that particular application, or do any financial or other exploitation. So program guidelines and rules of engagement help specifically in that part. As a bug hunter you have to follow specific rule sets. These are the basic rules: things like social engineering or phishing mails you should not do as a bug hunter; that is not applicable in bug bounty programs, specifically for things related to social engineering.

So, coming on to recon and information gathering. The recon part, the information gathering part, as a bug hunter in the bug bounty community is considered, I would say, an underused part. It is a very crucial part, but it is not treated as crucial, because it takes a hell of a lot of effort to gather information on any organization; you have to gather whatever information you can get from the internet. So think from the perspective that you don't know some XYZ organization, you just have the URL or the domain of the application. How would you find out the details? What options do you have to find out the details?

There are multiple ways to search and get the information from the internet itself. At the beginning you have to understand what kind of programming languages this application is developed in. There are multiple tools for that; even if someone is into software development and has knowledge of programming, he would be able to easily understand which programming languages are being used in this particular application. Apart from that there are multiple Chrome extensions that you can use, Wappalyzer and things like that, which will help you understand exactly which programming language is being used for the development of this particular application. Apart from that, Wappalyzer will also help you find out the version of jQuery or any other extra libraries the application is built on, so it will help you understand the existing libraries as well. How does that help? Anyone aware of zero-day attacks? Okay. Or does anyone know about vulnerable versions, existing vulnerabilities, from GitHub or Exploit-DB? Okay, so you know about the existing vulnerabilities in existing versions of jQuery, Java, or multiple programming languages that have obsolete, vulnerable versions. These versions you will get from Wappalyzer itself.

Then, jumping directly onto manual exploration: we first set the guidelines and the objectives, and after that you try to exploit vulnerabilities. Whatever you have got from all that information gathering, you start to understand and explore which vulnerabilities are there; you manually do penetration testing there. Does anyone know about penetration testing, or are we good? Okay. So you start practically trying out the observations, you start to exploit the vulnerabilities there and see what kind of vulnerabilities are available in that particular application: whether it is vulnerable to some existing vulnerability from Exploit-DB, whether any obsolete versions are being used, any vulnerable versions or vulnerable libraries, whether older versions of the programming languages are being used or not, things like that you will be looking at. After understanding the exploitation, you start on reporting and impact analysis. Before reporting you do the analysis of the impact: what exactly the vulnerability is impacting.

Let's say there is a banking application and a transaction is happening from A to B, and we make it a transaction from A to C, or from C to B. Got my point? Are we clear? So the authorized end user between whom the transaction is happening, we are just changing that from user A to user C, or user C to user B. Here we are doing a lot of things: we are directly targeting authentication and authorization, and then probably parameter tampering, because the person who is authorized to send to B is sending to C, and C is able to send without even having the amount in his account. From authentication bypasses to authorization bypasses to parameter tampering of financial data, accounts or the numbers, that's how we are going to look at it as business logic use cases, then impact analysis, and then reporting. Reporting is the most important part in the bug hunting career, I would say. I am not an active bug bounty hunter currently; right now I am a student at the University of Buffalo. We will see some tips and resources related to bug bounty hunting, then bug reports, and then earnings. We will discuss my earnings, or I would say whatever reports I have ethically reported till now, and probably friends of mine who have reported and got bounties till now. Apart from that we will also discuss multiple organizations who are providing bug bounties, how much the amount would be, and what you are seeing exactly in terms of amounts and numbers.

So here it is. Of course, a hacker is a hacker: they won't look at the rules, they won't bother about the rules, actually. That's where clear guidelines come in. If you analyze everything from the beginning and stay within the rule set the organization has set, of course you are going to get bounties. But if you don't abide by the rules, of course you are going to be blocked on that particular account; as a hacker community member you would be blocked, you won't get paid for any vulnerabilities you report. Is everyone aware of Bugcrowd or HackerOne, or the multiple other bug bounty platforms? Okay, perfect. So there you get literally blocked after four to five attempts at bug hunting if you are not abiding by the rules. These are the platforms where you can find programs aligned with that particular platform; you get to find vulnerabilities in that particular organization and report them through the platform itself. Of course they are managing the platform, so whatever rules of engagement are there, you have to follow them; if you are not following them, they will block you.

That's where defining in-scope elements and out-of-scope domains, subdomains, operations and APIs comes in, which clarifies the restricted endpoints, PII handling, data information and limitations around that, and which kinds of testing techniques or processes are allowed or not; things like that will be highlighted there. Of course you have to avoid disruption to the business, and testing has to be non-destructive. While reporting you have to include each and every reproduction step; whatever process you used to find the vulnerability, you have to either record it or report it in such a way that someone who does not even understand security is able to exploit the same thing you have done. It will make you very clear and very precise in finding vulnerabilities. The person who is reviewing your observations, your vulnerability, whatever you have reported, has to understand each and every aspect of the security issue and then the impact. And of course, lastly: no data exfiltration or destruction of the data of any organization.

So as I said, there are multiple things during the analysis. Recon and information gathering lay the foundation for any bug bounty program, to continue and find out what vulnerabilities are there. First you need to understand what kind of target application you are targeting, because that's where anyone will be confused. In fact, we were doing some trainings, and a lot of people, bug bounty hunters themselves, whenever they want to start, they start vaguely: they want to hack Google, or they want to hack Yahoo. But these kinds of organizations have been present for decades now; they are well established, they will be well secured, right? So of course you have to find a way in: they have multiple products, they have multiple acquisitions, they have multiple platforms, so you need to find out where exactly the developers, or most of the community, will not be engaged on that platform. In that case you start finding out the domains, subdomains, and their subdomains. I will give you an example.

Can you see this? So this is just a random test, don't take this out. I was just trying to understand what kind of domains BlackRock even has, or multiple other domains, like Starbucks. If you take Starbucks itself, you see this company just to get a coffee, but still they have a hell of a lot of platforms within them, and a hell of a lot of products also. So you can see what kind of things they have under their domain. Does anyone know what this is called? Before the Starbucks part, whatever data it is showing, what is it called? Subdomains, okay. So they have a huge number of subdomains, actually. As bug hunters we try to find out which subdomains are there, what kind of platforms are being used, what kind of products they have, and whether any huge customer-based services are being used on those subdomains or not, because in bug bounty hunting you get a lot of competition, so you have to be very precise about whatever you are finding. And of course the domain you are choosing is the most important thing, because if you choose the main domain of Starbucks itself, it's a well-known organization and of course well established in terms of security. So you have to find some subdomain of Starbucks or any organization which is not being used, or is very little known publicly, where the awareness of that particular application is very low. In that way you can target that particular subdomain and see whether the subdomain has a lot of data or a lot of sensitive information within it or not. In that case, if you find any vulnerabilities there, you will be able to get a bounty against that.

So here you go: after understanding and targeting the application, you start to do manual pen testing, either with some automation tools like Sublist3r or a subdomain brute-forcer, which you can easily get on GitHub, where you find, not vulnerabilities exactly, but a list of subdomains. So first we understood what the programming languages were, then we eventually went on to understanding the organization: what kind of organization it is, what kind of data it is dealing with, what kind of impact it can make if it is hacked, and then after that we started to manually search subdomains of that application, right? So we start to understand that, collect the data, do the analysis, identify the vulnerabilities, explore that, and then follow an effective bug bounty process. So, yep: understanding the application, identifying the correlated or co-hosted applications, discovering related applications. How will you discover them? There are multiple platforms that you can use to discover these kinds of things: there is something called BuiltWith, there is something called Crunchbase, where you get to understand which acquisitions are there. Let's take an example: Google has acquired some XYZ companies; you get the details there. Maybe within the bug bounty program of Google it is not yet listed that this particular scope is included in the bug bounty process, because they have not updated it with the newly acquired organization, which might be very small or mid-size and has not focused much on the security aspects. That you can see from Crunchbase, and of course from the news, and probably from multiple platforms about the acquisition part. Through that you can see, and you can even try that: if the security of the implemented or integrated application is not at all up to the mark, you can literally find vulnerabilities, and that same thing will fall under Google's bug bounty program.

So as I said: BuiltWith, Wappalyzer, WhatWeb. These kinds of details you get within the application itself. Then, for the information gathering part, there is the WHOIS tool, or WHOIS website, which will show you when the domain was registered, who owned that particular application, under which domain it was registered, things like that you will get from that information.

Okay, now here we go to the comprehensive security vulnerabilities overview. Here what you do is start trying to understand the application from the perspective of what kind of endpoints it has. I'll give an example of how you would do that. Okay, let's take this example: APKPure. This application especially has a lot of APK files, from the very beginning of an application, whatever it is, an Android application, or iOS applications as well. Whenever it is developed, you get to see all the versions from the very beginning; it is a kind of repository which stores each and every version of the application. So as soon as you open the website, you just Ctrl+U to inspect the element, inspect the resource or the source code of the application itself, and you get to see a lot of links right here. You can start trying to open the endpoints of the URL; you will see a lot of endpoints are there which, literally, are already visible here, but you can't see all the URLs at one time. One at a time you open the URL and the endpoints; here you try to remove the endpoint and then try to traverse the path. Once you do this, there are a lot of vulnerabilities there; there are vulnerabilities called path traversal attacks. So whatever vulnerabilities you have found, or you have traversed the path, you can, if directory listing is not properly enabled on the website where it is hosted, see the complete directory of the whole application wherever it was hosted, and the same way you can traverse a path and see whether any sort of sensitive files are there in the source code or not. So: publicly accessible endpoints, identifying information around that through the source code, whether there is any sensitive information like credentials, hardcoded passwords, things like that you can check. Path traversal I have already told you about.

Authorization bypasses: what happens is, let's suppose Facebook is there. Facebook has this process that you have to authenticate yourself and then get into the application, and you explore the application and whatever functionality is there you try to do. But by viewing the source code directly, there are some endpoints which you can access directly. For example, there is a process of authentication, right, where you provide your credentials, your username, and then you are authorized to get into the application and do your functionality, whatever it is. So whenever you provide your credentials and username and click on the login button, there is a process where the application authenticates that particular user and then redirects to a specific endpoint, like the index file or the main homepage file of Facebook. You can directly check whether it is directly accessible or not. That's the easiest way to find this sort of vulnerability. Authentication bypass, of course: you have successfully bypassed the whole authentication mechanism that is implemented to authorize and authenticate the user. There is something called host injection, wherein you act as a man in the middle and redirect anyone who is trying to access facebook.com to some malicious site; that's where a host injection attack happens. URL redirects, of course: there are multiple vulnerabilities in URL redirection. Let's take an example like Uber: when you are paying, or interacting with any sort of payment gateway, the payment gateway is always a third-party site. If you focus on it, whenever you are doing a payment it is getting redirected to some other website before you enter the details and all that. So when you enter the details and get redirected, with a man-in-the-middle attack or any sort of malicious user you are being redirected to some XYZ malicious website, and there your payment details will be grabbed.

EXIF data mining: I have an interesting example for this, from Facebook. So whenever we take a photo, what kind of details would be there behind that photo as metadata? Does anyone know? What is there: locations, and what else? Owner, the pixel data, yeah, like all the data about the data, metadata of the photos, right? So there was a use case where someone got a bounty of $20,000 from Facebook just because he was able to see the metadata of other users' photos. What happened was, there was some girl who had uploaded her photo long back, in 2016 or 17, just a normal photo which she had taken, and then a guy from North America opened that particular photo, downloaded it, scraped out all the metadata, I mean the details of it. It had the longitude and latitude of where that particular photo was captured, so from North America he came to the South, and then things happened. That came in the news also, and again that was reported, and some bug bounty hunter got a bounty of $20,000 on that. A simple bounty; he was simply able to get the metadata, that's it. So of course there are a lot of observations which are very simple in nature, which you can get within one or two seconds, or one or two minutes, so that you can get paid around $10,000, $20,000, or more than that.

So I will show you an amazing example from a bug bounty program. There was some guy who had reported vulnerabilities, and there was something called a session token. Let's say I have reported a vulnerability to HackerOne, and to reproduce the vulnerability I have provided each and every step, with all my session tokens and everything in that application, in the report. But the triager was not able to reproduce that vulnerability, so what he did is he provided each and every step that he was performing in that application, through messages. The hacker who had reported did not understand, and the triager did not understand, that the triager had leaked his administrative session token there, which on its own was not getting validated. So some other XYZ hacker who was just going through the report, he did nothing, he just went through the report because he wanted to see some reports about token bypasses or authentication token bypasses that he was referring to, he was trying to study things, and he just saw that the triager had disclosed his authentication token, his session token, in that particular message. He just grabbed that token, tried to log in, and he was able to log in to the HackerOne application, from which the triager literally provides bounties, right? Everyone who gets bounties, the triager is the one who pays the bounty hunters. I'll show you the report.

HackerOne specifically discloses most of the reports where someone has found critical vulnerabilities. So see: HackerOne was notified, through the HackerOne bug bounty program, by a HackerOne community member, a hacker, that they had access to a HackerOne security analyst's HackerOne account. The session cookie was disclosed due to human error, and that led to the hacker being able to access the account. So let's see how much of a bounty he got. This is the process of what all happened, all the details about the observation, what was there, how he disclosed it or how he found out the details. So here you go: he had uploaded a summary of the session, and then the report was triaged; the HackerOne people acknowledged that the observation is valid, and here you go: $220,000. Is everyone able to see or not? Oh, okay, my bad. Is it visible to everyone? "We have decided to award $20,000 for making us aware of the disclosed session cookie." He did nothing; he just went through someone else's report, he was just trying to analyze the attack scenario, that's it, and he got $220,000.

Okay, okay.

so uh again the Recon and the process of um information gathering uh there are lot of uh application or you know software developers who tend to use GitHub gitlabs uh and multiple other repository uh websites so wherever they upload their organ their um software or any applications source code complete source code so they tend to miss a lot of things like API keys or sometimes they they you know due to human error of course so a lot of application keys are there a lot of authentication tokens are there the sometime the credential itself they have uploaded of the whole Cloud environment so things like that usually is I mean disclosed on the you know GitHub repositories so as a Bug

Hunter I would also you know if if I take an example of a Starbuck I would also try to see if at all any sort of repositories are there on the GitHub or not uh any if if at all anything is there I will I will try to look at at it and I will try to automate if at all is there any sort of sensitive information or I will try to understand if any you know website I'm trying to do an assessment of I'll try to understand if at all code is there so by doing a manual assessment or manual secure code review of that particular application I would be able to find out lot of

vulnerabilities from there and there itself without even you know interacting with the application so of course the login endpoints password handling uh HTML injections and then cross-site scripting there are these are multiple uh vulnerabilities here available I mean in the OAS top 10 uh so so you can you know there are multiple vulnerabilities of course to uh prohibit and to you know report to find out things like that uh so there is something called as HTTP web tampering file inclusion attacks which is which which which is where uh did you did you remember or see

is it visible now okay at the back are you able to see this okay

Can you see this? So this is something stored on this particular website: an image files directory is there, and then probably a weight parameter or a fake URL parameter, or I mean some parameters are there. So local file inclusion and then remote file inclusion; moreover, you directly get it while manually reviewing the source code only, so you can get critical vulnerabilities like local file inclusion and then remote file inclusion. Remote file inclusion, specifically, is when you have some specific resources of the website which are using a resource or file from any other website. So remotely it has stored some files, and then it is extracting the files from that particular server; so the main server, the main application, is extracting any of the resources, or let's suppose a file, which it is trying to extract from that particular other server. And so that is where a remote file inclusion comes in: the web application owner or the developer has specifically put in the functionality to pull out the resources of a specific file, but did not put any sort of validation, any sort of input validation, on what is coming in and which kind of data it is pulling, right? So here you just need to change the server, not specifically, but change it and see if at all the whole directory structure itself is accessible or not. You can of course change the directories, you can check the configuration file itself, you can change the files from that particular endpoint, and you will be able to get and grab a lot of details of the hosted server. And of course, talking about local file inclusion, the same thing would be there: in place of the fake URL it will be present as a URL, and there would be directory details with the endpoint of any sort of PDF or any Excel sheet, like that. So locally, whatever file was stored, you can extract that data and try to brute force the directories, whatever is there, with the file name; of course you can directly access those files without even doing a lot of stuff with authentication bypasses or getting into the application. So without even getting into the application, you can do a lot of things from the login page itself.

Okay, so talking about critical files found, which specifically deals with wherever the web application is hosted: if at all the web application is hosted, there is something called routing files or the web configuration file wherever the application is being hosted. So these kinds of files which are sensitive in nature, or any database connectivity files, should not be accessible directly to any sort of external user or any attacker. There has to be a directory implementation rule which says which specific files within the hosted server should be accessible from the Internet or whatever. So whenever the implementation of the rule is not properly done, you can directly search for the critical files like the web.config file or any sort of database connectivity file or any phpMyAdmin file directly. So you just have to brute force against the domain name. So let's take the example of Starbucks: www.starbucks.com, you just have to brute force, after the directory, some set of specific file names, and you will definitely get, I mean if the directory listing and the implementation is not properly done, you can get configuration files from that, or any sort of sensitive data or any sensitive file which is placed on that particular server, in that directory; you would be able to access that.

So I had just tried to, you know... Iron Man is my favorite one, so that's why we got into these things. And so of course the manual way is the most prominent way and the one I would most prefer, but of course if you're using any sort of tools or you're automating stuff, it will help you to perform any sort of bug hunting programs and to save time in finding issues and gathering information, like that. So a lot of tools, techniques, combat skills and then complex challenges: if you have not been able to, you know, grab all the account details, the subdomains, you are understanding the programming languages, you have opened up all the manual review part, like inspecting elements, understanding the programming software within, I mean getting into the application and trying to do things, so that's where complex challenges and then innovation skill sets come into the picture, where you have to develop things after understanding what you have done, what you have analyzed till now, what kind of data you have till now. So that's how you will have to proceed ahead.

Okay, so here, this is what I'm considering as a Jarvis, because the tools here you get will, I mean 60 to 70%, help you out in getting information from each and everywhere. So the most favorite ones are Aquatone, Subbrute and then Sublist3r; through these three tools you can get most of the details of any organization. Web screenshots: EyeWitness. Amass of course also finds out the details of the subdomains and also lets you know about the DNS records, canonical names, everything, from the Amass tool. For directory brute forcing and fuzzing, the one which I was saying about, brute forcing the directory listing or any endpoints that you can directly access, sensitive information, that you can do with TruffleHog, Gobuster, DirBuster and then ffuf. So DirBuster, dirsearch and then Gobuster brute force with the existing word lists they have already maintained, so the word lists for brute forcing directories it has in numbers of thousands, not in thousands but in millions. So it tries to brute force each and every element, whatever programming languages it has captured up till now; it will brute force that particular directory and try to see if at all, with the same name, it gets credentials or any sort of sensitive information with the same file name, and it will show you the details.

Again, so there is something called waybackurls, and then Crunchbase of course, I have already told you, voy.com, DomLink, and then Google-Fu, and then bgp.he.net; it helps you out to understand domain names and then their details of that application more clearly and properly. So yeah, that's a meme for, you know, whenever the application is hosted or got into a live domain, a live environment itself; so that's how sometimes developers make it live: this is the way, they don't have any security, they don't have any proper functionality maintained, but they had to go live, that's why they have gone live like this. Again, some of the rare tools that you can get: SecLists, WPScan, webgate, gau; it helps you find out a lot of directories related specifically to JavaScript files, PHP files, .NET files, like that, you can get a lot of details that way. waybackurls will help you to extract details of each and every URL, or the phases where the application was disclosed, I mean released from the developer side; you can get a lot of details from that. Now you start with the proper authentication testing, from the login part itself. You check for... so let's suppose, in comprehensive authentication testing, it will be user enumeration, authentication bypasses through brute forcing; you check the quality of the passwords, remember-me functionality, autocomplete, and then password forms, various other vulnerabilities, and then techniques you can use for authentication bypasses, I mean bypassing the authentication. So these are the books which specifically help me to keep ahead in terms of security, understanding the vulnerabilities and then the observations which we get; the proper techniques we will get in these kinds of books. So they're valuable books; if you go through every book, all these books, you will be good to get a bounty. So of course that's the book. Of course a lot of courses and materials are there that train you, that you are a proper bug bounty hunter if you take a course from them; I don't believe that. Of course you have to read a lot, you have to learn a lot, do a lot of things. You can find me on this LinkedIn QR code and on the email; if you have any questions please let me know. Okay, thank you. Oh, so one thing we missed out, last but not least: I just made a list of the programs which have bug bounty programs or bounties they are providing. So LayerZero, the first five are cryptocurrency platforms which provide bug bounties in this kind of amount; so for a single bug, if it is much more critical, which is impacting a lot of things, you will get $15 million for a single bug. Wormhole, Uniswap, Aurora, Krypto... Apple itself has offered $1 million for critical vulnerabilities. Google alone in 2024 has provided $24 million to bug bounty hunters till now, in 2024 alone actually. So that's all, thank you. [Applause]
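The local and remote file inclusion pattern the speaker describes (a file or URL parameter used without input validation), as an added example that is not part of the talk: the weak path-building code sits beside a hardened version that confines the path to the web root, refuses remote resources and refuses known configuration files, plus a classifier a defender can run over logged parameter values. The web root, the sensitive file names and the sample parameters are constructed assumptions, and the path logic assumes a POSIX filesystem.

```python
# Added example (not from the talk): vulnerable vs. hardened file-include handling.
# WEB_ROOT, SENSITIVE_NAMES and the sample parameters are constructed for illustration;
# os.path semantics here assume a POSIX host.
import os
from typing import Optional
from urllib.parse import urlparse

WEB_ROOT = "/var/www/app/images"          # hypothetical directory of served files
SENSITIVE_NAMES = {"web.config", ".env", "config.php", ".htaccess"}


def resolve_vulnerable(param: str) -> str:
    """The weak pattern: the request parameter goes straight into the path.
    os.path.join discards WEB_ROOT when param is absolute, and '..' survives."""
    return os.path.join(WEB_ROOT, param)


def classify(param: str) -> str:
    """Label a request parameter for detection/logging: 'rfi', 'lfi' or 'ok'."""
    if urlparse(param).scheme:               # http://, https://, file://, ftp:// ...
        return "rfi"
    candidate = os.path.normpath(os.path.join(WEB_ROOT, param))
    # commonpath (not startswith) so /var/www/app/images2 cannot masquerade as the root
    if os.path.commonpath([WEB_ROOT, candidate]) != WEB_ROOT:
        return "lfi"                         # resolved outside the web root
    if os.path.basename(candidate).lower() in SENSITIVE_NAMES:
        return "lfi"                         # targets a configuration file under the root
    return "ok"


def resolve_hardened(param: str) -> Optional[str]:
    """Return the confined absolute path, or None when the request must be refused."""
    if classify(param) != "ok":
        return None
    return os.path.normpath(os.path.join(WEB_ROOT, param))


if __name__ == "__main__":
    # Constructed sample parameter values, as they might appear in an access log.
    for p in ["logo.png", "sub/../logo.png", "../../../etc/passwd", "/etc/passwd",
              "http://example.invalid/include.txt", "../web.config", ".env"]:
        print(f"{p!r:38} vulnerable -> {resolve_vulnerable(p)!r:42} "
              f"[{classify(p)}] hardened -> {resolve_hardened(p)!r}")
```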