Skip to main content

Bug Bounty vs. Security Scanner

 

A lot of folks don't know the difference between a bug bounty program and automated security scans. Here is a cheat sheet to quickly learn the major differences.



Security Scanner

Bug Bounty Program


Synonyms


Web application scanner

Security scanner

DAST



Penetration Testing

Pen Testing

Ethical Hacking

Security Testing

Bug Bounty Programs



Definition


DAST stands for Dynamic Application Security Testing. 


Is the process of testing web, mobile,

and API applications to find vulnerabilities

and security bugs through automated tools




Is the process of finding security bugs through human intelligence.


A security tester might use and modify automated tools to find hard-to-find vulnerabilities.


Code Access


No code access is required.

Most of the tools are language and technology agnostic



No code access is required. Internal technology stack knowledge helps create tailored tests


Live Traffic Access


No access to live traffic is required



No access to live traffic is required


Supported Technologies


Different tools are required for Web, Mobile, REST API, GraphQL testing



Uses all kinds of techniques including, manual web/mobile UI fuzzing, Burp tests for web/APIs, shell scripts, etc.



Common Vulnerabilities Found


SQLi, XSS, Server Configuration, etc.



Zero-day, logic flaws, unauthorized data access, account takeovers, access to PII/financial data, etc.



Pros


Automation means it can run continuously against the dev environment



Finds hard-to-find vulnerabilities


Cons


Limited coverage and finds less-frequently found issues



Done less frequently, most companies perform penetration testing once every 3/6/12 months.



Cost


Low-cost



High-cost


Developer Friendly


Finding are spread across production configuration and code.

Not all findings require developers to fix them.

E.g. server configurations, SSL, etc, require

the DevOps or the production support team to fix it.


The developers hate or don’t get a lot of the suggestions.

Working with developers is a major pain point.



Most findings require developers to fix the issues. 


Most findings are code-related and are regular bugs


Developers get most of the issues and happily add them to their bug list.


Popular Tools


Free API Scanner

https://apisec-inc.github.io/pentest/



Qualys Web app Scanner

https://www.qualys.com/apps/web-app-scanning/



Mobile App Scanner

https://www.ostorlab.co/




Bug Bounty Program

https://www.hackerone.com/


Web app testing

https://portswigger.net/burp/communitydownload



 


Comments

Post a Comment

Popular posts from this blog

Access multiple Databases in JPA

According to JPA specification we can define multiple "persistence-unit" elements (i.e. like below) in persistence.xml file and can easily refer them inside Dao layers as this. public class PolarDaoImpl {     @PersistenceContext(unitName="PolarPU")     protected EntityManager entityManager; -- } public class BearDaoImpl {     @PersistenceContext(unitName="BearPU")     protected EntityManager entityManager; -- } Checkout sample persistence.xml <?xml version="1.0" encoding="UTF-8"?> <persistence version="2.0" xmlns="http://java.sun.com/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/persistence http://java.sun.com/xml/ns/persistence/persistence_2_0.xsd">     <!-- Database 1 -->     <persistence-unit name="PolarPU" transaction-type="RESOURCE_LOCAL">         <
3 comments
Read more

JPA 2 new feature @ElementCollection explained

@ElementCollection is new annotation introduced in JPA 2.0, This will help us get rid of One-Many and Many-One shitty syntax. Example 1: Stores list of Strings in an Entity @Entity public class Users implements Serializable {     private static final long serialVersionUID = 1L;     @Id     @GeneratedValue(strategy = GenerationType.AUTO)     private Long id;     @ElementCollection     private List<String> certifications = new ArrayList <String> ();     public Long getId() {         return id;     }     public void setId(Long id) {         this.id = id;     }     public List <String> getCertifications() {         return certifications;     }     public void setCertifications(List <String> certifications) {         this.certifications = certifications;     } .. }         Users u = new Users();         u.getCertifications().add("Sun Certified Java Programmer");         em.persist(u); Generated Tables    Users    Co
21 comments
Read more

Reuse JPA Entities as DTO

Note : Major design advantages of JPA Entities are they can detached and used across tiers and networks and later can by merged. Checkout this new way of querying entities in JPA 2.0 String ql = " SELECT new prepclass2.Employee (e.firstname, e.lastname) FROM Employee e "; List<Employee> dtos = em.createQuery(ql).getResultList(); The above query loads all Employee entities but with subset of data i.e. firstname, lastname. Employee entity looks like this. @Entity @Table(name="emp") public class Employee implements Serializable {     private static final long serialVersionUID = 1L;     @Id     @GeneratedValue(strategy = GenerationType.AUTO)     private Long id;     @Column     private String firstname;     @Column     private String lastname;     @Column     private String username;     @Column     private String street;     @Column     private String city;     @Column     private String state;     @Column     private String zipc
11 comments
Read more