How this seasoned bug bounty hunter combines Burp Suite and HackerOne to uncover high-impact vulnerabilities
ATT&CK techniques detected
T1190 Exploit Public-Facing Application
79%
"’ most notable wins, a $38,000 bug bounty, was uncovered using burp’s http request smuggler extension: i was testing an api on zoom’s bug bounty program and burp flagged possible smuggling. that lead turned into a $38k bounty. - burp suite gives hackers granular control, …"
T1588.002 Tool
74%
"burp suite. visit the support center - burp suite professional is a leading web vulnerability scanner and proxy tool developed by portswigger, used by security professionals to intercept, manipulate, and analyze http requests in real time. its extensibility and powerful features …"
T1588.006 Vulnerabilities
69%
"how this seasoned bug bounty hunter combines burp suite and hackerone to uncover high-impact vulnerabilities research academy my account customers about blog careers legal contact resellers attack surface visibility improve security posture, prioritize manual testing, free up t…"
Summary
Arman S. (Tess), a full-time independent security researcher and bug bounty hunter, talked us through how he uses Burp Suite Professional and HackerOne in tandem to find and report high-value security