-
Larger Scopes ?
I think i am going into much larger scope bug bounty areas, because i dont think one or few hackers have found all the bugs on these platforms. This i believe evens the odds and search elsewhere where most dont go towards and find these bugs. What do you think Chris would it be better to go into much larger scope bounties or a single scope bounty where its been tested countless times and finding anything would be damn near impossible.
-
2 Replies
-
Personally, I’d recommend that you work on applications that interest you. That’s one of the biggest factors in my consideration, because if it’s an app/project I’m interested in, I’m far more likely to stick to it than not, regardless of large or small scope
-
I am choosing target like and sticking with it for a week manually testing and lastly using tools just to see if my payloads worked. I am not jumping around like i used to Chris i am just focusing on 3 bug classes and those are of course: SQL Injection, OS Command Injection and lastly Cross-Site Scripting. I know there are 100s more but i can’t focus on more than that, when i dedicate a solid week to each target whether i find something or not it gives me times to work with a site and see what makes it tick and further investigate the tech that makes this website work behind the scenes.
So in the end each week is a new target, but it’s only sites i am interested in i stick to the same websites i know and have interest in ones i work with on a daily basis. No reason to jump around and waste time and learn everything about a new site. I am more focused and patient than i was before when i started and through your guidance and training striking gold is inevitable because NO WEBSITE is 100% secure no matter how large or advance there is always a way to break in and find bugs.
Thank you as always, Chris, your work is pure gold to me and will continue to use and reference to you have boosted my confidence like no other compared to me earlier being lost.
-
Log in to reply.