[Owasp-norway] OWASP Norway Chapter meeting January 26th - Bug Bounties with Frans RosÚn

Erlend Oftedal erlend at oftedal.no
Tir 17. Jan 2017 14:10:02 UTC


Hello and happy new year

The next chapter meeting will be at 26th of January at Teknologihuset.

Frans RosÚn is coming over from Sweden to talk about bug bounties and
bounty hunting. He will also do a brand new talk about DNS hijacking. This
should be fun!

Sign up here or send me an email:
https://www.meetup.com/OWASP-Norway/

*We are looking for a pizza sponsor. Please contact use if your company
wants to do this.*

Agenda:

*Bug bounties – What, how and why?*
Going through the current state of bug bounties, what is it really? How do
you start, and why? Frans will give some insights being one of the top
ranked hackers on HackerOne and Bugcrowd and will share some advices on
getting started together with some examples of fun bugs.(30 min)


*DNS hijacking using cloud providers – no verification needed*
A few years ago, Detectify did a blog post regarding domain hijacking using
services like AWS, Heroku and GitHub. These issues still remains and are
still affecting a lot of companies and there are many tools to find these
vulnerabilities that have popped up after this went public.

However, there are many more ways to hijack domains, nameservers and
DNS-providers. The tools out there are missing these cases completely.
Frans will go through both the currently disclosed and the non-disclosed
ways to take control over domains and will share the specific techniques
involved.(50 min)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-norway/attachments/20170117/35e887ac/attachment.html>


More information about the Owasp-norway mailing list