Play by Play: Bug Bounties for Researchers

In this course, you’ll learn how bug bounty programs operate from the perspective of the researcher.
Course info
Level
Beginner
Updated
Jul 19, 2018
Duration
36m
Table of contents
Description
Course info
Level
Beginner
Updated
Jul 19, 2018
Duration
36m
Description

In this course, Play by Play: Bug Bounties for Researchers, Troy Hunt and Casey Ellis discuss bug bounties from the perspective of the individual researcher. Learn how to get started, how to find opportunities, and see what the bug submission process can look like. By the end of this course, you’ll be able to speak to the benefits of participating in a bug bounty program and have a list of further resources to explore if you want to pursue bug bounties on your own.

About the author
About the author

Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.

More from the author
Modern Browser Security Reports
Beginner
57m
3 Aug 2018
More courses by Troy Hunt
About the author

Bugcrowd Founder and CTO, Casey Ellis, is an infosec veteran who pioneered the Bug-Bounty-as-a-Service model, launching the first bug bounty programs on Bugcrowd in 2012.

More from the author
Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
Hi, this is Troy Hunt. I'm a Pluralsight author, infosec professional, and someone who's particularly interested in data breaches, and the role that bug bounties can play to help us improve the industry. So my name's Casey Ellis. I'm the founder, chairman, and CTO of Bugcrowd. We were the pioneers of the Bug Bounty as a Service space back in 2012. And it's really exciting to be chatting today about how to get more researchers into this model. We've seen incredible adoption to Troy's point around, you know, using the crowd to increase defenses and make companies more resilient against these types of data breaches. Casey and I wanted to record a course on Bug Bounties for Researchers to help people who are thinking about getting involved in hunting bugs navigate their way through the nuances of bug bounty programs. So for example, when you get started, what are the legal considerations, how do you actually find bounty opportunities out there in the industry? Some of the other stuff we'll cover are things like, you know, where is there a community that I can plug into, where are there places that I can go to learn and improve my skills as a bug bounty hunter, as someone who can find vulnerabilities in systems and applications? And also, you know, what type of person do I need to be? How do I need to think? We're seeing all sorts of different walks of life come into this industry on the researchers side, people coming in from, you know, the pen test background, and folks coming in from, you know, other things like QA, development, even straight out of nontechnology roles, and actually becoming quite successful as bug bounty hunters. So we'll discuss a fair bit of the onramp that's involved in getting into this amazing space. I'm really grateful to Casey for making the time to team up with me on this, because I can't think of anyone else better equipped to talk about how to get involved in bug bounties. Yeah, we're looking forward to taking you through this program, and you know, hoping to see you join the crowd, and become part of the bug bounty movement. I hope you'll join us on this Play by Play, and learn about what it takes to be a successful bug bounty researcher.