From the course: DevSecOps: Building a Secure Continuous Delivery Pipeline
Modern application security
- [Instructor] If the attackers are going to try and hack us anyway, why not offer them a prize and some money to find vulnerabilities and report back to us? The logic may sound weird, but this is the backbone of the idea of bug bounties. Bug bounties reward any submissions for vulnerabilities found in production for a website or any piece of software. Security researchers sign up, then submit their findings to the organization hosting the bug bounty. If their findings are valid vulnerabilities, then they receive a prize and often money. Not surprisingly, Google and Mozilla do them, but the federal government does them too. Running a bug bounty can be a little tricky. It involves coordinating legal and security to set up the program and review the results as they come in. You then have to find participants, so it turns into a bit of marketing work as well. All in all, this is not something to undertake lightly. Because of this, there are a few commercial services that run bug bounties.…