Hacker News new | ask | show | jobs
by cmews 1042 days ago
If you are good at security, try bug bounty hunting. Make the web safer and earn some money!
1 comments
tayo42 1042 days ago
I tried this, maybe I just suck. But my experience was pretty bad. It seems swarmed by people in 3rd world countries running scripts endlessly already. If you do find something there is still the chance the company will find a way out of it. The whole thing felt like a scam in a way, people show off their massive payment bug find, but in reality its hours of work for almost no payout
link
glitchcrab 1042 days ago
My experience tallies with this, used to work for a hosting company and we got plenty of emails from guys in India, Pakistan etc who had 'run burp suite against X and found Y'. We had no bounty program as we were fairly small fry so we said thanks and fixed the bug. You can't compete against the volume. And the big payouts take a lot of time and skill to find and exploit.
link
KomoD 1038 days ago
Yeah, those are beg bounties (not a typo) https://www.troyhunt.com/beg-bounties/
link
KomoD 1038 days ago
> It seems swarmed by people in 3rd world countries running scripts endlessly already.

For the same surface-level stuff, yeah. Other, in-depth issues, not so much.

> people show off their massive payment bug find, but in reality its hours of work for almost no payout

They don't advertise it as some "get money quick" thing just because they show off their payouts.

I occasionally find issues which make me $100, $200, $300 for a few minutes of work, it's not much but it's something.

link