tbhm:01_philosophy [2026/05/14 09:18] – TBHM import drew
tbhm:01_philosophy [2026/05/14 09:28] (current) – converted from markdown to dokuwiki syntax drew
Line 1: Line 1:
-Philosophy+====== Philosophy ======
  
-## Differences from standard testing+===== Differences from standard testing =====
 Single-sourced: Single-sourced:
-looking mostly for common-ish vulns +  * looking mostly for common-ish vulns 
-not competing with others +  not competing with others 
-incentivized for count +  incentivized for count 
-payment guaranteed and quality check based on approximation+  payment guaranteed and quality check based on approximation
  
 Crowdsourced: Crowdsourced:
-looking for vulns that aren't as easy to find +  * looking for vulns that aren't as easy to find 
-racing vs. time +  racing vs. time 
-competitive vs. others +  competitive vs. others 
-incentivized to find unique bugs +  incentivized to find unique bugs 
-payment based on impact not number of findings+  payment based on impact not number of findings
  
-## Tips / Notes:+===== Tips / Notes: =====
  
-1st party bug bounties = Google Paypal, etc +  * 1st party bug bounties = Google Paypal, etc 
-2nd party bug bounties = Bugcrowd, H1, Synack, etc+  2nd party bug bounties = Bugcrowd, H1, Synack, etc
  
 Because competition is introduced; when working in a bug bounty it is essential to have templates set up for your "most found" classes of vulnerabilities. Obviously custom vulnerabilities will always be custom writeups, but having a template for ones that come up often is essential. **Protip:** always remember to change the URLS and domains in the templates. Nothing will get a bug invalidated faster than stating the wrong domain or URLs in a report. Because competition is introduced; when working in a bug bounty it is essential to have templates set up for your "most found" classes of vulnerabilities. Obviously custom vulnerabilities will always be custom writeups, but having a template for ones that come up often is essential. **Protip:** always remember to change the URLS and domains in the templates. Nothing will get a bug invalidated faster than stating the wrong domain or URLs in a report.
  
-When designing these templates there are two really great resources to read:+When desigining these templates there are two really great resources to read:
  
-https://blog.bugcrowd.com/advice-for-writing-a-great-vulnerability-report/ +  * https://blog.bugcrowd.com/advice-for-writing-a-great-vulnerability-report/ 
-https://forum.bugcrowd.com/t/writing-a-bug-report-attack-scenario-and-impact-are-key/640+  https://forum.bugcrowd.com/t/writing-a-bug-report-attack-scenario-and-impact-are-key/640
  
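Review bot: in the three converted lists (the Single-sourced and Crowdsourced items, the 1st/2nd party bounty items and the two resource links), only the first item of each list carries the DokuWiki `  * ` bullet marker; the remaining items are plain indented lines (`  not competing with others`, `  2nd party bug bounties = Bugcrowd, H1, Synack, etc`, `  https://forum.bugcrowd.com/...`) and will not render as list items, so every item should start with `  * `. Two smaller points in the same region: the conversion introduced a typo in the paragraph before the links ("When desigining these templates", previously "designing"), and the heading `===== Tips / Notes: =====` keeps the trailing colon from the markdown `## Tips / Notes:`, which is not needed inside DokuWiki heading markers.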
tbhm/01_philosophy.txt · Last modified: by drew