Bug Bounty is nothing but finding a flaw/bug on a website. In the cyber security world, finding a bug on a website is rewarded, with the amount depending on the severity of the bug. Sometimes you get a T-shirt, a place in the Hall of Fame on their website, or a money reward.
Bug Bounty: a bug is a flaw, and a bounty is a sum paid for finding a bug.
Why are bugs found in websites?
While creating a website, the developer's main focus is on the business perspective rather than on security. For example, Facebook is a very vast website, and no one can make it bug free at once. Hence they come up with a bug bounty program, where the website is tested by hundreds of bug bounty hunters, and if a bug is found, it is reported.
One more important thing: you cannot test or check for bugs on any website you wish. This should be done with the website owner's permission, and if you don't take their permission you will be behind bars.
Real Time Example:
Last month an Indian (Bhavuk Jain) found a bug in Sign in with Apple which affected third-party applications that were using it and had not implemented their own security measures.
The bug was that a web token could be issued for any email address from Apple, and when the signature of this token was verified using Apple's key, it showed as a valid ID and was accepted. This means the attacker could link any email ID to it and gain access to the victim's account.
For this, Bhavuk Jain was rewarded with $100,000.
All the credit goes to Bhavuk Jain.
Thanks for reading. See you in the next article!
A link to Bhavuk Jain's blog: https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
Comments:
Nice one, informative content!
Great job, keep it up and looking forward to great work. Really liked the way you have put in the information.
Great information
Great work. Keep it up