In this course, Play by Play: Bug Bounties for Researchers, Troy Hunt and Casey Ellis discuss bug bounties from the perspective of the individual researcher. Learn how to get started, how to find opportunities, and see what the bug submission process can look like. By the end of this course, you’ll be able to speak to the benefits of participating in a bug bounty program and have a list of further resources to explore if you want to pursue bug bounties on your own.
Troy Hunt is a Microsoft Regional Director and MVP for Developer Security. He's a regular conference speaker, frequent blogger at troyhunt.com and is the creator of the data breach notification service known as “Have I Been Pwned”.
Course Overview
Hi, this is Troy Hunt. I'm a Pluralsight author, infosec professional, and someone who's particularly interested in data breaches, and the role that bug bounties can play to help us improve the industry.
So my name's Casey Ellis. I'm the founder, chairman, and CTO of Bugcrowd. We were the pioneers of the Bug Bounty as a Service space back in 2012. And it's really exciting to be chatting today about how to get more researchers into this model. We've seen incredible adoption to Troy's point around, you know, using the crowd to increase defenses and make companies more resilient against these types of data breaches.
Casey and I wanted to record a course on Bug Bounties for Researchers to help people who are thinking about getting involved in hunting bugs navigate their way through the nuances of bug bounty programs. So for example, when you get started, what are the legal considerations, how do you actually find bounty opportunities out there in the industry?
Some of the other stuff we'll cover are things like, you know, where is there a community that I can plug into, where are there places that I can go to learn and improve my skills as a bug bounty hunter, as someone who can find vulnerabilities in systems and applications? And also, you know, what type of person do I need to be? How do I need to think? We're seeing all sorts of different walks of life come into this industry on the researchers' side, people coming in from, you know, the pen test background, and folks coming in from, you know, other things like QA, development, even straight out of nontechnology roles, and actually becoming quite successful as bug bounty hunters. So we'll discuss a fair bit of the onramp that's involved in getting into this amazing space.
I'm really grateful to Casey for making the time to team up with me on this, because I can't think of anyone else better equipped to talk about how to get involved in bug bounties.
Yeah, we're looking forward to taking you through this program, and you know, hoping to see you join the crowd, and become part of the bug bounty movement. I hope you'll join us on this Play by Play, and learn about what it takes to be a successful bug bounty researcher.