A Systematic Study of Hunting Bugs

Issue: Vol.8 No.2

Authors:

Shrey Sethi (Manav Rachna International University, Faridabad)

Sachin Sharma (Manav Rachna International University, Faridabad)

Keywords: Bug Bounty, Vulnerability, Security, Exploits, Web Application, Crowdsourcing.

Abstract:

Bug bounty programs are designed to encourage security researchers, cyber security professionals or hackers to exploit vulnerabilities in software or in web applications. Bug bounties also help developers fix vulnerabilities, for which individuals are rewarded on the basis of the type of bug reported.

Bug bounty programs play an important role in increasing the security of websites, web applications and software.
