1
00:00:08,800 --> 00:00:12,520
Now, let us move on with the key items in a bug bounty program.

2
00:00:14,600 --> 00:00:16,070
First is hacker.

3
00:00:17,170 --> 00:00:23,800
A hacker is one who enjoys the intellectual challenge of creatively overcoming limitations.

4
00:00:24,770 --> 00:00:31,550
Now, it can be a bad hacker, also known as a black hat hacker, or a white hat hacker who simply hopes

5
00:00:31,550 --> 00:00:38,800
to eliminate the bad hackers; it depends upon your role and your intellectual ability and your goals.

6
00:00:40,190 --> 00:00:46,520
Hacker-powered security: we have already seen hacker-powered security in the last lecture, and I would

7
00:00:46,520 --> 00:00:48,260
like to just shed a little light on it.

8
00:00:49,410 --> 00:00:57,210
Any goal-oriented hacking technique that utilizes the external hacker community to find unknown security

9
00:00:57,210 --> 00:01:03,330
vulnerabilities and reduce cyber risk is known as hacker-powered security.

10
00:01:04,720 --> 00:01:11,500
Common examples include private bug bounty programs, public bug bounty programs, time-bound bug bounty

11
00:01:11,500 --> 00:01:13,120
programs, and more.

12
00:01:14,320 --> 00:01:22,360
Now we talk about security testing: organizations can identify high-value bugs faster with the help of

13
00:01:22,360 --> 00:01:25,150
the results driven through the hacker community.

14
00:01:27,340 --> 00:01:29,380
What is a hacker-powered pentest?

15
00:01:30,760 --> 00:01:38,260
A limited-access program where selected hackers apply a structured testing methodology and they may

16
00:01:38,260 --> 00:01:44,490
be rewarded for completing security checks is known as a hacker-powered pentest in the industry.

17
00:01:46,320 --> 00:01:54,060
Which means in a test, you have to apply a typical methodology to find out the results, and if the results

18
00:01:54,060 --> 00:01:56,010
are acceptable, you'll get paid.
19
00:01:57,470 --> 00:02:04,210
Now, make sure you know that there are three types of bug bounty programs: public, private and time-bound.

20
00:02:04,760 --> 00:02:06,440
Let us see what they mean.

21
00:02:07,700 --> 00:02:16,350
Public bug bounty program: it is an open program where any hacker can participate in for a chance at

22
00:02:16,370 --> 00:02:17,330
a bounty reward.

23
00:02:18,850 --> 00:02:25,750
Private bug bounty program: a limited-access program that select hackers are invited to participate

24
00:02:25,750 --> 00:02:28,400
in for a chance at a bounty reward.

25
00:02:29,050 --> 00:02:36,200
For example, you have a company which is not a multinational company, but it's famous in your state.

26
00:02:36,880 --> 00:02:43,600
So that is a public bug bounty program where, you know, your security issues are not top priority,

27
00:02:43,610 --> 00:02:50,110
or your security issues are not as critical as compared to those of Google and Amazon.

28
00:02:51,440 --> 00:02:58,520
In such cases, Google and Amazon, if they want to find critical bugs, invite experienced hackers

29
00:02:58,970 --> 00:03:06,140
and tell them to find out the bugs; that is known as a private bug bounty program. In case of public bug bounty

30
00:03:06,140 --> 00:03:08,720
programs, even you can participate.

31
00:03:09,110 --> 00:03:15,770
But in case of private bug bounty programs, only if you are selected or invited to do so can you

32
00:03:15,770 --> 00:03:16,690
participate.

33
00:03:18,270 --> 00:03:20,830
Next is the time-bound bug bounty program.

34
00:03:21,600 --> 00:03:27,780
It is a limited-access program with a predetermined time frame where selected hackers have a chance

35
00:03:27,780 --> 00:03:29,320
at earning a bounty reward.

36
00:03:30,030 --> 00:03:36,090
Now, generally, time-bound bug bounty programs have a high reward, but also have a higher risk because

37
00:03:36,090 --> 00:03:40,240
sometimes they have to charge hackers to participate in the programs.
38
00:03:40,260 --> 00:03:46,650
It's like a hackathon where you have a limited time and you are told to find the bug in the website.

39
00:03:47,010 --> 00:03:52,310
And if you do so, then they pay you according to your skills and the results that you have delivered.

40
00:03:52,620 --> 00:03:54,300
Then what is a vulnerability?

41
00:03:55,800 --> 00:04:01,800
A vulnerability is a weakness of software, hardware or an online service that can be exploited.

42
00:04:03,500 --> 00:04:07,850
Now, what is a VDP, which is a vulnerability disclosure policy?

43
00:04:09,020 --> 00:04:16,520
An organization's formalized method for receiving vulnerability submissions from the outside world is

44
00:04:16,520 --> 00:04:19,290
known as a vulnerability disclosure policy.

45
00:04:20,360 --> 00:04:23,900
It is sometimes referred to as responsible disclosure.

46
00:04:25,280 --> 00:04:33,350
This often takes the form of a security@ email address; for example, if you are finding bugs for

47
00:04:33,350 --> 00:04:39,230
Google, then you have to report the vulnerability to security@google.com.

48
00:04:41,060 --> 00:04:47,300
Now, the practice is outlined in the DOJ framework, that is, the Department of Justice, United States,

49
00:04:47,630 --> 00:04:56,690
framework for a vulnerability disclosure program for online systems, and it is defined in ISO standard 29

50
00:04:56,720 --> 00:04:57,710
147.

51
00:04:58,630 --> 00:05:00,440
This was all for this lecture.

52
00:05:00,820 --> 00:05:06,670
Make sure you understand these terms, because these are the most fundamental terms you will be needing

53
00:05:07,000 --> 00:05:10,810
while searching for a public or private bug bounty program.

54
00:05:11,770 --> 00:05:18,570
In the next lecture, we'll see what exactly a bug bounty program is and how it works.