Bug Bounty Program

bug bounty program training

Bug bounty hunting is the act of finding security vulnerabilities or bugs in a website, and responsibly disclosing it to that company's security team in an ethical way. Bug bounties, also known as responsible disclosure programs, are setup by companies to encourage people to report potential issues discovered on their sites. Some companies choose to reward a researcher with bounty, swag, or an entry in their hall-of-fame list. If you are interested in web application security then they have a great place of honing your skills, with the potential of earning some bounty and credibility at the same time.

A bug bounty program, also called a hacker bounty program or vulnerability rewards program , is an initiative that rewards individuals for finding a valid bug and reporting it to the organization offering a reward or hall of fame. A bug bounty program is established by companies who utilize tester submissions as a form of security testing report.Reviewing by technical team of submissions, verifying valid bugs and rewarding security researchers with a bounty, a company can set up a bug bounty program for their applications in which they deals. This allows the organization to handle penetration tests in a controlled environment without having to hire for a security professional's time to do similar tests. Bounty rewards can range from 100's to 1000's of dollars depending on the severity of the vulnerability. Sometimes swag or gifts are offered as bounties as well.

Many software vendors and web sites run bug bounty programs, often paying out cash rewards to software security researchers and white hat hackers for discovering and reporting software vulnerabilities that could be exploited. Bug reports must document enough information for the organization offering the bounty to be able to reproduce the vulnerability. Bug bounty programs are often initiated to supplement internal code audits and penetration tests as part of a vulnerability management strategy.

Companies such as hackerone,Bugcrowd, Bugwolf, CrowdSecurify and Hatforce set up and run bug bounty programs on behalf of customers, accepting bug submissions and validating them, as well as making the payouts. A bug bounty program is a deal offered by many website and software developers by which individuals can receive recognition and compensation for reporting bugs, especially those pertaining to exploits and vulnerabilities. These programs allow the developers to discover and resolve bugs before the general public is aware of them, preventing incidents of widespread abuse.