1
00:00:08,280 --> 00:00:15,550
Now the question arises, why will organizations hire you or why you have to work with hackers?

2
00:00:15,750 --> 00:00:19,650
Why don't you just have a security team and just tell them to take the vulnerability?

3
00:00:20,120 --> 00:00:29,820
Organizations as diverse as Starbucks and BMB, GitHub, that is on media, LendingClub, PayPal, Google

4
00:00:29,820 --> 00:00:37,860
and Intel and also Twitter are using bug bounty programs to reduce risk and protect customers and their

5
00:00:37,860 --> 00:00:38,490
brands.

6
00:00:38,760 --> 00:00:46,080
The customers, partners and even government agencies and industry groups now expect people to leverage

7
00:00:46,080 --> 00:00:49,520
the wisdom and power of the vast hacker community.

8
00:00:50,610 --> 00:00:58,080
It improves and scales security capabilities, helps protect the assets and strengthen the company's brand.

9
00:00:58,290 --> 00:01:00,210
And they demonstrate innovation.

10
00:01:01,470 --> 00:01:09,040
Well, this line is very important: security flaws aren't shameful, they're a fact of software development.

11
00:01:09,660 --> 00:01:17,430
Now, if you're doing OK, if you are telling a person to code, he's a human being, you can make mistakes.

12
00:01:17,430 --> 00:01:19,110
And that is not shameful.

13
00:01:19,140 --> 00:01:26,160
They are just a fact of software development process, no matter how many processes or security measures

14
00:01:26,160 --> 00:01:27,330
we put into place.

15
00:01:27,720 --> 00:01:31,140
It is impossible to prevent all the vulnerabilities.

16
00:01:31,440 --> 00:01:39,780
But with a bug bounty program, we can extend the processes to handle these bugs safely and efficiently

17
00:01:40,050 --> 00:01:41,450
by inviting hackers.

18
00:01:42,300 --> 00:01:49,320
The best part is that it's pretty easy to get started to scale your efforts as long as your career path.

19
00:01:50,470 --> 00:01:54,960
Why hacking and bug bounty is good for all of us.

20
00:01:55,970 --> 00:02:03,440
Well, we know that we cannot prevent data breaches, reduce cybersecurity crimes, protect privacy

21
00:02:03,680 --> 00:02:10,430
or restore trust in the society without pooling our defenses and asking for external help.

22
00:02:11,590 --> 00:02:19,390
Cyber security has rightfully become a company-wide responsibility that goes beyond just security and

23
00:02:19,390 --> 00:02:20,200
I.T. teams.

24
00:02:22,340 --> 00:02:30,140
Public-facing security solutions such as a bug bounty program could involve buy-in from legal, finance

25
00:02:30,350 --> 00:02:32,400
and even the board of directors.

26
00:02:33,110 --> 00:02:41,450
However, people outside security and IT, such as legal, finance and public relations, don't necessarily

27
00:02:41,450 --> 00:02:46,540
know or have the importance of improving the skill security posture of a company.

28
00:02:47,760 --> 00:02:55,230
Now, I would like to tell you some points that are really important. Well, current security measures

29
00:02:55,230 --> 00:02:57,600
cannot catch every vulnerability.

30
00:02:57,600 --> 00:03:04,570
As I have discussed, bug bounty programs can catch business logic issues that a scanner will miss.

31
00:03:05,460 --> 00:03:12,030
For example, if your internal security team or a company's internal security team is being told to

32
00:03:12,030 --> 00:03:16,410
test a website for the past seven to eight months, they will get bored.

33
00:03:16,590 --> 00:03:22,010
And probably after some time they will lose their focus and will miss critical vulnerabilities.

34
00:03:22,470 --> 00:03:30,030
But instead, a bug bounty hacker can find those programs or vulnerabilities and then can report them.

35
00:03:31,550 --> 00:03:39,050
Another important advantage of bug bounty programs is that they offer ongoing testing, unlike point

36
00:03:39,050 --> 00:03:39,890
in time testing.

37
00:03:41,470 --> 00:03:48,790
Bug bounty programs enlist the help of experienced hackers to find vulnerabilities before attackers

38
00:03:48,790 --> 00:03:49,090
do.

39
00:03:50,170 --> 00:03:53,470
And I would like to tell you that bug bounty programs

40
00:03:54,420 --> 00:04:01,530
have become a best practice in the industry and are used by companies and governments around the world,

41
00:04:01,950 --> 00:04:09,210
including U.S. Department of Defense, Hyatt Hotels, Goldman Sachs and a lot more companies.

42
00:04:11,090 --> 00:04:18,200
About bounty program go with software development lifecycle is very important. First, it's training

43
00:04:18,200 --> 00:04:19,640
and risk assessment.

44
00:04:21,890 --> 00:04:28,740
Revelations of missing best practices and the subsequent gaps and security risks that are true, but

45
00:04:28,760 --> 00:04:36,050
boundaries these to bounties present a leading indicator for the next training session, which means

46
00:04:36,050 --> 00:04:41,480
that if a company has found out some exploits or vulnerabilities in the services through bug bounty

47
00:04:41,480 --> 00:04:45,620
programs, they might need to train the staff in order to avoid them.

48
00:04:46,550 --> 00:04:47,990
Then comes requirements.

49
00:04:48,560 --> 00:04:55,490
Bug bounties identify issues that were not found prior and provide valuable input to guide the

50
00:04:55,490 --> 00:04:57,410
development of the organization.

51
00:04:58,700 --> 00:04:59,900
Third is design.

52
00:05:01,030 --> 00:05:08,290
Bug bounties reveal insecure coding practices and the unknown risks associated with a certain architecture,

53
00:05:08,680 --> 00:05:10,940
design or code implementation.

54
00:05:11,770 --> 00:05:17,440
This informs the organization that the design and architectural approach needs to be modified.

55
00:05:18,990 --> 00:05:24,360
Fourth is development. Bug bounties reveal critical vulnerabilities in the software.

56
00:05:25,200 --> 00:05:32,640
This is the ultimate goal: to make the unknown issues known and fix prioritized before criminals can

57
00:05:32,640 --> 00:05:33,350
exploit them.

58
00:05:34,430 --> 00:05:35,840
Fifth is testing.

59
00:05:36,790 --> 00:05:43,450
Now, dynamic testing, which is bug bounties, can be deployed in a sandbox development environment as

60
00:05:43,450 --> 00:05:49,900
well as live production, so dynamic results in faster and more effective feedback loops.

61
00:05:50,470 --> 00:05:56,710
Instead of developing the software completely and then allowing bounty hunters to find the vulnerabilities,

62
00:05:57,080 --> 00:06:04,150
an organization can simply allow the hackers to work on the project and find vulnerabilities while the

63
00:06:04,150 --> 00:06:05,370
development is going on.

64
00:06:07,070 --> 00:06:15,560
Second last, deployment. Going beyond testing, bug bounties can have a significant impact on the process

65
00:06:15,560 --> 00:06:23,180
improvement, as the always-on feedback from hackers blends perfectly with rapid deployments.

66
00:06:23,660 --> 00:06:25,540
And the last one is respond.

67
00:06:25,940 --> 00:06:32,840
Yes, we have to respond. The basis for a good bug bounty program, the VDP, that is vulnerability

68
00:06:32,840 --> 00:06:39,830
disclosure policy, will drive the conversations with hackers, improving the overall security posture

69
00:06:39,920 --> 00:06:40,940
of the organization.

70
00:06:42,840 --> 00:06:51,260
Now, this was the introduction to the bug bounty. No matter how people choose to structure the bug

71
00:06:51,270 --> 00:06:56,970
bounty program, it can be entirely dependent upon the hackers, whether they use their knowledge to

72
00:06:56,970 --> 00:06:58,950
find the right vulnerability.

73
00:06:59,640 --> 00:07:05,460
Now, throughout this course, we will be teaching you all the phases of ethical hacking, because when

74
00:07:05,460 --> 00:07:09,920
you are a bug bounty hunter, you are an ethical hacker also.

75
00:07:10,680 --> 00:07:18,330
So make sure you do not skip the videos and have your eyes and ears wide open to gain an outstanding

76
00:07:18,330 --> 00:07:23,600
knowledge and to make yourself comfortable with these bug bounty programs.

77
00:07:24,600 --> 00:07:30,720
At the end of this section, we will be also telling you the available bug bounty programs and how to

78
00:07:30,720 --> 00:07:33,810
choose and identify the right program for you.

79
00:07:34,770 --> 00:07:40,890
But before that, I would like to urge you to leave a rating for the course, because, as I said earlier,

80
00:07:41,220 --> 00:07:43,750
your motivation is very valuable to us.

81
00:07:44,280 --> 00:07:48,870
Please take out 30 seconds of your valuable time and just leave a rating.

82
00:07:49,140 --> 00:07:50,900
You just have to click the stars.

83
00:07:51,240 --> 00:07:51,830
That's it.

84
00:07:51,840 --> 00:07:52,350
You're done.

85
00:07:52,980 --> 00:07:53,940
Thank you so much.

86
00:07:54,210 --> 00:07:59,010
And let us begin with the bug bounty actual hacking series.