by EdOverflow
1591 days ago
I am a security researcher referenced in the winning web-hacking technique on that list ("Dependency Confusion" by Alex Birsan [1]) and was ranked 7th in PortSwigger's 2019 issue [2,3]. My motto has always been "Learn to make it; then break it." In other words, I invest a lot of time familiarising myself with technologies and specifications before examining how their implementation might lead to security flaws. This process usually requires reading a lot of technical documentation and source code, and becoming acquainted with how organisations implement said technologies. Once I feel comfortable with my understanding of the subject material, I start to think about how certain aspects of the technology could lead to security flaws or interesting areas of research. At times this may require out-of-the-box thinking or can even be the result of pure luck. The "bug bounty" aspect of this all tends to come into play once I want to find case studies for my research.

[1]: https://medium.com/@alex.birsan/dependency-confusion-4a5d60f...
[2]: https://portswigger.net/research/top-10-web-hacking-techniqu...
[3]: https://edoverflow.com/2019/ci-knew-there-would-be-bugs-here...