Video: Bug Hunting as a Second Income

EH-Net Live July 2018 - Bug Hunting as a Second Income - Haddix - Video ThumbVideo and Slide Deck from EH-Net Live! July 2018

When most think of selling bugs, they have visions of the underground hacking scene populated by nefarious characters using their 0-days for illegal activity. But what if you could get in on the bug hunting action without the worry of law enforcement? You can now!

Companies not only use 3rd party software that has bugs, but more and more they also have their own proprietary or custom code that most certainly has bugs. The new-school world of “bug bounty” has incentivized a whole new hacking scene, where companies can take advantage of white hat hackers to find these bugs for fame and nominal rewards. Companies are starting to learn it’s much cheaper to find them from internet-do-gooders than from a massive breach and before they have to pay crypto-currency to criminals.

It’s a seller’s market out there! In 2017, the CVE saw an increase of more than 128% from 2016. For 2018, the upward trend is already continuing. How do you get in on the action? Jason Haddix, VP at Bugcrowd, will give you the insider’s view of how it’s done.

Agenda for “Bug Hunting as a Second Income”

    • Intro by Don Donzal, EH-Net Editor-in-Chief
    • Preso by Jason Haddix
      • Bio
      • Bug Hunting 101 – Know your skillset
      • The common journey, web applications
      • The great equalizer, reporting
      • Focus – Best bang for the bug
      • Path to success
    • Q&A
    • Post Game in EH-Net in the new “Bug Hunting” Group

Full Video

Slide Deck

EH-Net Live! - April 2018 - PDF Slide Deck DL


EH-Net Live! June 2018 – Guest Bio

EH-Net Live July 2018 - Bug Hunting as a Second Income - Haddix - PicJason Haddix, VP of Trust and Security at Bugcrowd, Inc.

I am passionate about information security. Not only is security my career focus but it’s my hobby. I absolutely love my job.

In my previous role as Director of Penetration Testing I led efforts on matters of information security consulting. The gamut stretched from developing test plans for Fortune 100 companies to competing in “bake-offs” to win business against other top tier consulting vendors.

In my current role I serve as the Director of our Application Security Engineers and Technical Operations. This means I am an extension of (and advisor to) over 300+ security programs across many industry verticals. Under my direction, my team has triaged over 15,000 vulnerabilities this year alone. We also strive to keep the relationship between vulnerability researcher and customer a good one.

While I never call myself a “master” of anything, I do have a very particular set of skills; skills I have acquired over a very long career. These skills make me adept at getting business, finding security vulnerabilities, and eventually leading a customer to a better security posture.

Jason is a regular columnist for EH-Net. See all articles by Jason Haddix.

See all EH-Net Live! Webinars.

Tags:

This topic contains 0 replies, has 1 voice, and was last updated by  Don Donzal 1 month ago.

  • Author
    Posts
  • #168833
     Don Donzal 
    Keymaster

    Video and Slide Deck from EH-Net Live! July 2018 When most think of selling bugs, they have visions of the underground hacking scene populated by nefa
    [See the full article at: Video: Bug Hunting as a Second Income]

You must be logged in to reply to this topic.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Copyright ©2018 Caendra, Inc.

Sign in with Caendra

Forgot password?Sign up

Forgot your details?