Andrey (azangru) wrote,

A trending link on Hacker News is to a blog post by a guy who checked GitHub Pages for security vulnerabilities, found some high-risk ones, and received $35,000 in bug bounty money. The guy identifies as a security researcher and a programmer. He was also, at the time of discovering those vulnerabilities, a high-school student, 17 years old or thereabouts.

GitHub's bug bounty program had been announced on the site called HackerOne; so I looked it up. There are some educational materials for would-be hackers there, among which I found a charming video about looking for front-end vulnerabilities, which gives an interesting insight into a hacker's mind. The host of that show, a self-identified hacker, admits about himself (at around 9:25) that he is a "non-code person". He also doesn't seem to have ever worked with browser dev tools — instead, he's been using something called Burp for hacking.

