Undetected E02, Fredrik Almroth - Are Bug Bounties a buzzword?

Mar 19, 2020

One could argue that bug bounties are a buzzword in security today, but what are they and what are they good for? In this episode, Laura is joined by the talented security researcher and Detectify co-founder Fredrik N. Almroth (@almroot on Twitter). If you can name it, Fredrik has probably hacked it, including companies like Facebook, Tesla, Dropbox and Uber. Tune in for a deep dive into Fredrik's past as a bug bounty hunter and a discussion of how both companies and bug bounty hunters can get started in the field of Crowdsourced Security, as well as where the bug bounty industry is headed.

  • :15 Tesla DOOM XSS
    How we invented the Tesla DOM DOOM XSS
    https://labs.detectify.com/2017/07/27/how-we-invented-the-tesla-dom-doom-xss/

  • :26 Google XXE 
    How we got read access on Google's production servers
    https://blog.detectify.com/2014/04/11/how-we-got-read-access-on-googles-production-servers/
  • :40 Bug Bounties Continue to Rise, but Market Has Its Own 1% Problem
    https://www.darkreading.com/vulnerabilities---threats/vulnerability-management/bug-bounties-continue-to-rise-but-market-has-its-own-1--problem/d/d-id/1335689

Fredrik's recommendations for bug bounty hunters:

  • Tomnomnom's YouTube channel
    https://www.youtube.com/channel/UCyBZ1F8ZCJVKSIJPrLINFyA
  • Stök's YouTube channel
    https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg