Disclosing Vulnerabilities

FOR FUN & PROFIT

Nikhil.P.Kulkarni

www.twitter.com/nikchillz

Nikhil Kulkarni

A 21yr old Tech Enthusiast.

A Blogger, Web Designer, Graphical

Designer

Mainly into Web App Testing

(aka Intrud3r)

facebook.com/nikchillz

twitter.com/nikchillz

File Inclusion BUG

VULNERABILITY

DISCLOSURE

FULL DISCLOSURE

RESPONSIBLE DISCLOSURE

Tools Proxy:

Burp Suite

Web Scarab

Fiddler

And many more…!!!

Firefox Addons:

Tamper Data

Web Developer Extensions

Live HTTP Headers

Firebug

Hackbar

XSS Me

And many more…!!!

Optional:

Camtasia Studio(Screen Recorder)

Snipping Tool(Screenshots)

Useful Tools:

IRONWASP

XENOTIX

And many more…!!!

$100 to $20,000

$500 to $5000

500 to $3000

Unknown Price money (Approx. $50 to $10,000)

$500 + T-Shirt

http://computersecuritywithethicalhacking.blogspot.in/2012/09/web-product-vulnerabilty-bug-bounty.html

Normal

Resume Resume with

HOF

Find Bugs

Report Them

Get Reward

Party

Broke

Never go for Full Disclosure without company’s permission.

Always see that, you’ve made a Responsible Disclosure before going for

Full Disclosure.

KEEDA Project A NULL Community Initiative

Highlights:

Informs the vendors and Certs about any

vulnerabilities found in the wild.

The credit is given to the bug submitter

itself.

Does not charge the vendor in return.

But at least a thank you letter from the

Vendor.

If vendor does not rectify the bug, the

FULL DISCLOSURE of the bug is done using

Keeda Portal.

Stored XSS in the Official Website of

DELL

DEMO

XSS CSRF SQLi And many

more

Kislay Bhardwaj

Prashanth.K.V

Riyaz Walikar

Amol Naik

Prasanna Kangasabai

Akash Mahajan

Sabari Selvan

Srikanth Rao

Himanshu Kumar Das

Suriya Prakash

Harsimram Walia

Lava Kumar

And the whole of NULL Bangalore Chapter.

Thank You

NULL Bangalore

Nikhil.P.Kulkarni www.facebook.com/nikchillz www.twitter.com/nikchillz