Hacker's Arena
Knowledge base and discussions group for Security enthusiasts
117 Members
Join this group to post and comment.
Naveen Sunil
Naveen Sunil
Information Technology
05 Jan 2019

Security Researchers and bug hunters in high demand

The good news for those who are interested in security is that there is no dearth of opportunity for you, especially if you are a skilled researcher. Need proof?

Today we have lot of tools that does scanning and enumerate lot of information. These tools do reveal lot of bugs. But what if everyone is using the same tool and finds the same bug?

There are bugs which is exposed only under certain conditions and those bugs are called "Logical bugs". These bugs cannot be found or mitigated by general techniques or tools. Unlike the regular bugs these are based on conditions and are not actually the bug itself. It is more of a logical flaw which could definitely lead to an exploit. That's why logical bugs are superior and Bug Bounty payouts are more for these bugs.

In order to be successful, the hunter has to know the target. Finding logic flaws requires some extensive research on the target. Mastering technology will continue to be the case as the attack surface expands. Because most developers still aren't focused on security, it remains an afterthought. The hope is that there will either be no bugs, or some talented researcher will discover a vulnerability before too much harm is done.

Bug hunters are good guys who will find vulnerable points and reports them at the right time before it is exploited by someone else.