Any guide lines for bug bounty hunters

[rahulzx]

Do you have ever participate bug bounty hunting for startup projects like publish immunefi platform? Seeking guide for start these tasks.

[1714759848]

1714759848

[1714759848]

1714759848

[1714759848]

1714759848

[1714759848]

1714759848

[1714759848]

1714759848

[1714759848]

1714759848

[hugeblack]

Do you have ever participate bug bounty hunting for startup projects like publish immunefi platform? Seeking guide for start these tasks.

Unfortunately, many of these campaigns do not abide by their promises, or at least pay using them tokens, so it is better to look for more reliable sources and then ensure that you get your profits.
If your hacking skills are good then why not try  -----> https://bitcointalk.org/sbounties.php

[yhiaali3]

I haven't experienced myself participating in bug bounty hunting for startup projects but I remember there was a member creating a thread to find contributors to form a "project bug bounty" working group.

Bug hunting is a very profitable business, but it requires great technical knowledge and mastery of several programming languages, so it is difficult for one person to do the work completely alone, so it is better to have a team.

[lixer]

Do you have ever participate bug bounty hunting for startup projects like publish immunefi platform? Seeking guide for start these tasks.

What kind of guidelines are you looking for, basically? It is not like every project has the same kind of bugs so that someone can let you know where to look for them. All you need to do is use their services and products and look for flaws and bugs in their systems and if you find something, you report it the way they have asked you to.

You should get the pattern of how you can report a bug to get a bounty on the bug bounty page on their website or whitepaper or docs. You need to have a keen eye for detail in order to be able to find any bugs since they won't be easy ones and that is the reason why they give a bounty for finding them.

[goldkingcoiner]

Do you have ever participate bug bounty hunting for startup projects like publish immunefi platform? Seeking guide for start these tasks.

Unfortunately, many of these campaigns do not abide by their promises, or at least pay using them tokens, so it is better to look for more reliable sources and then ensure that you get your profits.
If your hacking skills are good then why not try  -----> https://bitcointalk.org/sbounties.php

I noticed that many such bug bounties have changed since the old days when they would pay decent amounts of money for even small bugs. Nowadays the project managers have gotten so greedy that even big bugs are only paid a pittance. I guess that is the reason why so many of them started stating giving rewards "up to an x amount of money" for a bug which they decide how significant it is. And the decision is always arbitrary but always on the low side.

My guess is that there are too many third world programmers who have somewhat decent skills but are ok with accepting peanuts for their work.

At some point the project CEOs might regret not paying larger rewards when they notice that the bug hunters become information sellers.

[hugeblack]

At some point the project CEOs might regret not paying larger rewards when they notice that the bug hunters become information sellers.

The feeling that you are paying for the security team and the people who are active in searching for bugs is terrifying because it is a double-edged sword.

If you put a prize of $50,000 to hack your site, you will attract hackers to try to hack your site more than what would happen in the normal situation.

In short, it is the economics of cost, as profits are in exchange for security, and therefore many CEOs do not care about the privacy of customers and their data as long as a reasonable profit is achieved.
Thus, you will find that most campaigns focus on deep bugs that may lead to losing their money.

[rat03gopoh]

Seeking guide for start these tasks.

Each service has its own lguide if they have this program, broadly speaking: find it, report it, then prove it.
Just don't get your hopes up for the highest bounty even if you find a major bug. However as the above mentioned, bug hunter bounty offers are flexible (mostly below expectations). You actually have to be smarter to anticipate rejection of reports, because it could be the developer patching vulnerabilities behind quickly to argue that your findings arent serious bugs.