Diving Into the Realm of Source Code Review
Most bug bounty hunters hack the same way, and that shared approach leads to the same bugs and a lot of duplicates. The talk will focus on encouraging the audience to look into source code review, offering a different way of thinking about and approaching bug bounty targets, and showing how bug bounty hunters can use code review skills to maximize their bug output. A detailed approach to source code review and white-box testing will be provided to break out of the everyday black-box approach. The talk will guide the audience on an enjoyable path to getting started in code review. Because bug bounty hunters have different methodologies, the talk will try to cover various code review methodologies for different types of bug hunters. Real-world examples of source code analysis will be demonstrated in the talk.
Ananda is a bug bounty hunter who has found over 600 security vulnerabilities in over 100 companies, including Yahoo, Google, Coinbase, GitLab, Dropbox, Stripe, U.S. Dept of Defense, and many more. He won the "Most Critical Bug" award in the BountyBash live hacking competition in 2019. He has multiple CVEs to his name for securing open-source software. He is one of the ambassadors of HackerOne.