Introduction to Bug Bounty
How bug bounty came into existence?
In our current world, Internet has become the fuel for everything, If you have access to internet, you can almost do anything you want, like
- Shop online
- Order food
- Watch movies
- Pay bills, etc.
Literally you can do anything you want, through Mobile Apps, Websites, Software etc. All these things are made with the help of programming and everything is processed as data.
Thus, Data has become more valuable than any other things in our developing world, So protection of our data and privacy has become a very challenging & though process for all the company.
Consider an example:
You are using flipkart or amazon to buy products online, or using netflix to watch movies online. In order to use these apps you need to register and pay money. and provide your information like
- Phone number
- Date of birth
- Credit/Debit card number
- Banking information
- Home/office address, etc…
If these data are not protected safely, Just think about the risk!!
What happens if someone has access to your account ? or knows your bank details ? This could result in huge problem. that’s why data security is a must for every company.
- Sometimes the developers make mistakes in their code while developing a software (or)
- Hackers found a new method to exploit the application. (or)
- Not every company is focused on (or afford) a private security team to keep their security upto data to protect their data
In order to prevent The companies started to give rewards (money) for people (Security Researchers) who find mistakes (bugs) in their software, apps, hardwares etc. this process is considered as BugBounty (BB), find a bug and we’ll give you a bounty – that’s how the concept of BugBounty (BB) came into existence.
How much bounty are companies giving ?
It purely depends on the company and its scale, for example the most popular companies like
will give thousands of dollars (USD) in bounties. so, for an indian where dollar price is higher here in india, this a great field to get started.
If you learn security concepts and find bugs in these companies – you’ll get an average of 750$ which is equal to 50,00Rs. Pretty cool right! but don’t get fixed at that, if you find a huge impact bug in these companies, they used to provide a bounty ranging from 30,000$ to even 3 Lakh$ in the past, likewise a very low impact bug will get a bounty between 100$ to 500$.
Check out Some of the Bounties I earned Here 🙂
- Earned 1000$
2. Earned 750+50$
So, What is an Impact then, how bounty amount is decided?
Let’s say there is a shopping website, where you can buy dress online. and a security researcher find a bug where all users name and email is available, so someone can misuse the name and email, but just using the name and email there won’t be a much problem – so its a low bug – low bounty
Now in the same company, to buy dress users use credit card or netbanking to pay and receive products, now a security researcher find a way to get other users bank details – now this is a huge problem, because others can misuse your data and take your money – so it’s a critical bug – high bounty
Now where to learn the security concepts to find bugs ?
Don’t worry, we have made a course regarding this in our Youtube channel in tamil language you can check out here. (we are currently in the process of making in english language also, will release soon)
Also check Out how my course helped 14 Year old boy to earn 10,000Rs using Bug Bounty
We’ll update more content in this blog, subscribe to get the latest post. Happy Learning