Got my first VDP swag/gift today!
Reported multiple web security issues involving authentication, session management, client-side security, and security misconfigurations through a Vulnerability Disclosure Program.
#CyberSecurity #VDP #ResponsibleDisclosure #BugBounty
First bounty: $250
First duplicate: CVSS 9.8 Critical
One rewarded my work. The other reminded me that timing matters just as much as finding the bug.
Onward to the next report
#BugBounty #CyberSecurity #BugHunter #HackerOne #AppSec
@hackdartstorm Thank you! Honestly, since this is my first bounty, I'm not qualified to give you a full roadmap. It's best to look for guidance from experienced personalities. However, I'm happy to chat and share the basic concepts and tools that helped me get started!
@sathya_cierto @Hacker0x01 @Sony Use PortSwigger Academy to learn what a sink and a source are
And other stuff
Choose a target, fetch all the JS files. You can see the source and sink there
Then use an appropriate payload. Then you get an alert
First valid report on HackerOne
Found a DOM XSS, got my first thanks on @Hacker0x01 + swag from @Sony
Small milestone, big motivation.
More hunting ahead
#BugBounty #HackerOne #AppSec