IonicaBizau / ama

:speech_balloon: Ask me anything!

Can you advise a beginner's journey into security? #7

Closed MaraAlexa closed 8 years ago

MaraAlexa commented 8 years ago

I saw on your profile that you also do some security / bug bounty activities. I would like to know how one would start learning about such things. What sites are of use and what tools do you use to find bugs / test code?

Thanks

IonicaBizau commented 8 years ago

Yes, I'm a GitHub bounty hunter. I also found two security issues on bitbucket.org.

www.owasp.org was an amazing resource for me. I learned a lot about XSS and other types of exploits. Honestly, I didn't read a lot about security. I tried to exploit the things in my style, being responsible for what I was doing. Quite a few times I got in trouble, tho. :blush:

But in my case, it was relatively easy to find some security issues on GitHub and BitBucket because I use them a lot (I heavily use GitHub). I found the first security issue on GitHub.com after reporting tons of little bugs on the website (design, functionality, CSS issues etc). Then I realized they offer rewards for security issues—at the time I had no idea what a bounty program is. :joy:

What I recommend is to try hacking everything. Start with the browser developer tools. An easy workflow is to try to bypass the client validation with the hope there is no server-side validation. Don't stop here: try to have a working exploit workflow.

This happened to me: I found that the GitHub public emails are not validated and I reported it as a security issue. They said it's a low risk bug. After a few months a smart lady found a working exploit based on that.

The lesson is to never give up, but don't waste time breaking something that is impossible (for you) to break.