whoami ❓
I am Abhirup Konwar (aka LegionHunter). I work as a full-time bug hunter and dedicate the rest of my time to understanding the inner workings of open-source malware.🥷
I have reported over 1000 bugs on OpenBugBounty as well as on HackerOne and BugCrowd, along with numerous Hall Of Fame programs including NASA, American Systems (🥇Top 5 Bug Hunter) and self-hosted VDP + BBP, with bugs belonging to both the Client and Server Injection categories, Sensitive Information Disclosure & Broken Access Control.
It was a public BBP program on BugCrowd which started in 2021, and just observing the number of already reported bugs, many of us might feel like there is nothing more left to hunt, as 200+ hackers have already reported to it.
But it is hard to say that all test cases and vulnerable scenario areas have been touched, and developers keep pushing new code to the environment, introducing changes and opportunities for new bugs.
Let me elaborate on the recon steps I performed and the testing process.