The Bug Hunter's Methodology - Application Analysis | Jason Haddix
Рет қаралды 93,399
Күн бұрынJason is the Head of Security for a leading videogame company. Previously he was VP of Trust and Security at Bugcrowd and currently holds the 29th all-time ranked researcher position. Before that, Jason had a distinguished 10-year career as a penetration tester and was Director of Penetration Testing for HP. He is a hacker and bug hunter through and through and currently specializes in recon and web application analysis. He has also held positions doing mobile penetration testing, network/infrastructure security assessments, and static analysis. Jason lives in Colorado with his wife and three children. Jason has presented all over the world teaching ethical hacking, including speaking and keynotes at conferences such as DEFCON, BlackHat, RSA, Rootcon, NullCon, B-sides, and SANS.
This H@cktivitycon talk was given at the H1-702 Live Hacking Event in Las Vegas!
Follow Jason: / jhaddix
▼ Keep up with us ▼
◇ Twitter → / hacker0x01
◇ Twitch → / hackeronetv
◇ Instagram → www.instagram....
@AnthonyMcqueen1987 6 ай бұрын
Unlike most top researchers out there who do nothing but flex their bounties and give cryptic generic advise or how they got those bugs to me those people add nothing to the community. But people like Haddix who doesnt show off how much he has made or flex his bounties actually explains in detail what he does. He also updates his style and methodology and its not for everyone but he does give detail to how he finds bugs and does his recon unlike most out there and i respect that. Researchers who flex their bounties offer nothing to the community Researchers like Haddix offer a lot to the community.
@auwalsalisu7889 6 ай бұрын
you said nothing but pure 100% truth, you literally spoke my mind
@AnthonyMcqueen1987 6 ай бұрын
@auwalsalisu7889 I am just sick of researchers out there who do nothing and show off their bounties. These people make the profession worse IMO and add nothing. Haddix on the other hand I respect.
@shiiswii4136 6 ай бұрын
@@AnthonyMcqueen1987look up Ryan John and ippsec, these guys are pure fundamentals and no nonsense in the videos
@madcane13 2 жыл бұрын
json headache... utterly... no words can explain how brilliant he is... you rock
@rynomas4948 Жыл бұрын
He is haddix bro, not headache. 😆
@viralledshow7079 Жыл бұрын
@@rynomas4948might be auto correct error brother....!😂
@wk8173 Жыл бұрын
@@rynomas4948 grateful he didn't go for json headless💀
@SankizTime Жыл бұрын
Lmao😂
@skysunset877 8 ай бұрын
I'm deeply grateful that you explained this specific procedure for bugbounty. As a beginner, it helped me a lot with my studies.
@goohaver 6 ай бұрын
same here. good luck homie
@iqyou-gw4kd 2 жыл бұрын
Thank you everyone for helping the community evolve
@eyephpmyadmin6988 Жыл бұрын
Took notes on everything, every tool, all the methodology
@MdMilonHossainNil Жыл бұрын
❤❤Oh my God, this is what I've been waiting for!! It looks beautiful!!❤❤
@AmineAb Жыл бұрын
Really informative talk, but at the end he wasn’t using Notion for the note-taking part as stated, it was Obsidian.
@esamlasheen453 Жыл бұрын
hhh i see it too
@popo_hack Жыл бұрын
Thank you Jason for this amazing presentation, it was very fruitful with alot of knowledge. I think it's very important to know where to start testing and what are the tools that can help you doing that😀
@AlecMaly Жыл бұрын
Great presentation! Thank you for sharing your expertise!
@rlfps Ай бұрын
I'll be watching this video a few times. Awesome, awesome!
@emanuelepicariello Жыл бұрын
Great video thanks, it’s time to build a proper methodology now 🕵🏽♂️
@fp1036 5 ай бұрын
Thank you for your passionate sharing Sir!
@sapienshack1711 7 ай бұрын
Jason Haddix you are awesome
@aalekhmotani3877 Ай бұрын
Thanks a lot for all this
@actuallyclover 6 ай бұрын
I went to college with Corben! Super smart guy
@0xfsec 2 жыл бұрын
Can I get the slide presentation?
@godzab 2 жыл бұрын
I second this!
@william_ade 2 жыл бұрын
This is brilliant !
@سامرسعيد-ي1ب 18 күн бұрын
“There are bugs in every single aplication”
@william_ade Жыл бұрын
how can we get the slides ??
@Khal_Rheg0 6 ай бұрын
Thank you!
@wise.wanderer.00 2 жыл бұрын
Very informative talk
@hamidrahamaabakar7995 9 ай бұрын
Good morning I'm very appreciate you
@samgold9151 Жыл бұрын
Thank you
@4liraah 8 ай бұрын
Thanks for the talk! Any chance we can get a link to the slides?
@Booom1444-_- 7 ай бұрын
Slides?
@bugs-lk3jf Жыл бұрын
Great Content , like a Boss
@anasshaikh5778 Жыл бұрын
Rustscan might not be helpful Since most of the programs have speed limitations like 10 req/s etc..
@reactivicky Жыл бұрын
Nice tips.
@Ln0rag Жыл бұрын
where to find the slides file ?
@thehackr. 2 жыл бұрын
nyc one
@esamlasheen453 Жыл бұрын
45:36 Jason It's obsidian not notion!
@TheCyberWarriorGuy Жыл бұрын
Legend :)
@ExploitDeveloper Жыл бұрын
thats good
@mariarahelvarnhagen2729 Жыл бұрын
The Financial Instruments Game
@shantanusharma5624 Жыл бұрын
Woah!! I'm the 1Kth liker of this video
@bountyproofs 5 ай бұрын
if you don't CREATE your own METHODOLOGY this is worth NOTHING for YOU
@garywilburn7384 Жыл бұрын
I'll give you a dollar if you learn to pronounce "obligatory" properly 😂
@ll-ruby..gloom-ll 9 ай бұрын
he did
@CaseyStrouse Жыл бұрын
jsnice is the best tool I've found for making sense of obfuscated js. Definitely check it out.
@awanakb4867 Жыл бұрын
how can i find these word lists
@AmineAb Жыл бұрын
Everthing is on the talk.. if you can’t find those wordlists, I don’t know how you will find bugs
@awanakb4867 Жыл бұрын
@@AmineAb i found them already. it just needed some attention.
BSides Ahmedabad
Рет қаралды 38 М.
Mail News
Рет қаралды 10 МЛН
Bug Bounty Reports Explained
Рет қаралды 154 М.
NahamSec
Рет қаралды 64 М.
The Cyberboy
Рет қаралды 89 М.