Devesh Bhatt is an application security researcher and consultant currently working with Adobe systems, Bangalore, India. He has managed and executed multiple projects involving Application/network penetration tests,vulnerability assessments and design reviews.He has written content on mobile application security for leading global online magazines. He is also listed in the Security Hall of Fame of Google and Ebay.
He is basically an Engineering graduate with Majors in Electronics and Telecommunications.His interest includes playing guitar and security research.Currently he is working on a framework for securing mobile application particularly android and IOS. He has also designed a methodology for securing the applications in cloud (SaaS)
My Experiments with truth: a different route to bug hunting
The Best way to improve the security of your systems is to hire hackers. Unfortunately, companies can’t hire all best hackers, so the companies has chosen another best way to improve their system security, “Bug Bounty Program”
Google, Facebook, Mozilla, PayPal, Etsy and many other companies pay a good amount to hackers for responsible disclosure and recently it is being started as a service in the form of “bugcrowd” Security Researchers have submitted bugs ranging from configuration issues to SQL injections.
This topic is not about what is a “Bug Bounty” program, who all is paying what amount and the scope of testing. This paper is basically focused on the approach to finding simple and yet devastating vulnerabilities, earn hefty amounts and share space with the top researchers from around the globe.
This paper depicts easy but unique methods to look for bugs online.
I started on this journey roughly five months back and kind of formulated a procedure to attack the strongest of applications in a short span of time.