Bug Hunting
LUHack
What is Bug Hunting?
- Finding vulnerabilities in software
- Reporting them to the developers
- Often done for financial rewards
Types of Bug Hunting
White Box Testing
- Access to source code
- Internal knowledge
- Comprehensive testing
- Code review
Black Box Testing
- No access to source code
- External perspective
- Simulates real-world attacks
Vulnerability Reporting
- Description of the vulnerability
- Steps to reproduce
- Impact assessment
- Suggested fixes
Responsible Disclosure
- Notify affected parties
- Allow time for fixes
- Public disclosure after resolution
CVE
- Common Vulnerabilities and Exposures
- A CVE ID is assigned to each vulnerability, e.g. CVE-2025-12345
- Severity is rated with the Common Vulnerability Scoring System (CVSS)
- IDs are assigned by companies that have been granted CVE Numbering Authority (CNA) status
luhack.uk/w17