Hacker News
by avisaven 3301 days ago
I've recently been playing around with HackerOne. It's a great way to both benefit society (by finding, reporting, and eliminating security flaws in software that people rely on) and yourself (most companies on HackerOne give Bug Bounties out, anywhere from a couple hundred to thousands of dollars, depending on the bug). Specifically, I looked at Shopify's mruby bug bounty (https://hackerone.com/shopify-scripts) and used a fuzzer (AFL/honggfuzz) to find bugs in mruby, which I could then investigate and report. That specific bug bounty is a lot of C/low level security, but there are many bug bounties which are geared towards websites/web development (XSS/SQLi/etc).
1 comments

It's a good idea; on top of that, I want to train myself about security. Thanks!