Phil Purviance / superevr

The number of companies with bug bounty programs has increased dramatically over the last five years. A clever researcher can make easy money disclosing security vulnerabilities responsibly, and some have even turned it into a full-time job. But how do these programs actually work? I will use my personal experiences on both sides of the fence - as a bug hunter and as a bug bounty submission reviewer - to provide an exclusive look into the world of vulnerability reporting. Learn about the most common eligible vulnerabilities, how to find them, and how to increase your chances of receiving rewards. Become an effective hunter and start reporting bugs for cash in no time.

Phil Purviance is a Security Associate at Bishop Fox, where he researches security vulnerabilities and performs penetration testing. In the past, Phil was tasked with processing crowdsourced submissions for one of the major bug bounty programs. Phil's own body of work includes the discovery and proof-of-concept exploitation of critical security vulnerabilities, design flaws, and system weaknesses in hundreds of custom web sites and web application frameworks. Purviance also consults with clients and recommends countermeasures to mitigate serious security vulnerabilities. Phil has presented his research at industry-leading security conferences such as Black Hat USA, AppSec USA, ToorCon, and LASCON. His recent talks include the security of HTML5, finding personally identifiable information online, and exploits against embedded systems in the home. Phil's contributions to the security community have earned him a place in the Hall of Fame of numerous bug bounty programs.