Bug Bounty Overview

This half-day course offers a complete introduction to the world of bug bounty. Tailored for directors, CISOs and team leaders, this session covers everything from the history and structure of bug bounty programs to real-world vulnerability reporting and triage. Through case studies, best practices and industry insights, participants leave equipped with a strong foundation to begin (or improve) their bug bounty journey, from both the hacker's and the company's perspective.

Program:

Welcome & icebreaker
  • Instructor intro & participant backgrounds
  • What to expect from the day
  • What is bug bounty and why it matters
Understanding Bug Bounty: The Ecosystem
  • History and evolution of programs
  • Roles and motivations: companies, platforms, hackers, third parties
  • Pentest vs bug bounty: key differences
Anatomy of a Bug Bounty Program
  • How programs are structured
  • Public vs private programs
  • What companies expect vs what hackers expect
The hacker’s side: tools, tactics & community
  • Typical profile of a hunter
  • Recon and bug hunting basics
  • Collaboration and knowledge sharing in the community
Reports: writing, triaging & managing conflicts
  • Lifecycle of a report
  • What makes a good report
  • Handling duplicates and disputes
Policy & program management
  • What companies should prepare before launching
  • Program evolution: scope, rewards, privacy
  • Common mistakes to avoid
Rules, ethics & real case studies
  • The unofficial rules of bug bounty
  • Safe harbor, disclosure policies
  • Failures and successes: Verizon, Shopify, Zomato…
Wrap-up & Q&A
  • Recap of the day
  • Resources for continued learning
  • Open Q&A and personalized advice



Gwendal Le Coguic - contact@glc.st - quotes on request - SIRET 79778302400038