Welcome. In this recipe, we will talk about bug bounty programs.
What is a bounty program?
On each bug bounty platform you have programs. Each program is either managed by the platform or run by a company. Each program consists of the following:
Scope: The scope defines which applications/services the program will take submissions for. For instance, Yahoo permits yahoo.com, but they will not accept vulnerabilities on yahoo.net. It also defines which kinds of vulnerabilities the program considers valid. Not all programs accept the same vulnerabilities. Cross-Site Scripting might even be considered out of scope for a given program. It is vital to review the scope, both for legal reasons and to make sure you are not wasting the platforms' time.
Privacy: Most bounty platforms have programs that are private, which means you need to be invited before you can submit vulnerabilities to them. Invitations to these programs are either issued manually by the company/platform, or you are randomly invited based on rank/reputation. You need to start submitting valid (non-duplicate) vulnerabilities to public programs before you will start getting invitations to private programs. For the most part, private programs make up the majority of the programs on every platform. It's important that you do not discuss information about, or mention, the private programs you're invited to with others. Some programs/platforms take this seriously and can remove you from the program and/or platform if you're caught doing this.
Rewards: Some platforms have programs that are swag only or don't offer rewards at all. On most platforms you will still gain reputation points for valid submissions. These programs tend to get the least amount of attention. That makes the free programs one of the best ways to start gaining rank on the platforms. This is one of your best approaches to getting invited to private programs.
Non-Platform Programs
Some companies run their own bug bounty program without using a bug bounty platform. Here are some of the biggest companies that run independent bounty programs.