In this hunting edition of the Exploring Information Security podcast, Keith Hoodlet of Bugcrowd joins me to discuss bug bounty programs.

Keith (@andMYhacks), is a solutions architect at Bugcrowd. He's also the co-host of Application Security Weekly. While Keith works at Bugcrowd, he also has a lot of experience participating in bug bounty programs. Check out his website AttackDriven.io.

In this episode we discuss:

• What are bug bounty programs?

• Who are security researchers.

• Who is running the bug bounty program?

• When should an organization implement a program.

More resources:

• Jason Haddix - Bug Bounty Hunting Methodology v2

• The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard and Marcus Pinto

[RSS Feed] [iTunes]