Bug Bounty workshop

Herane Malhotra (drsniper) is a HackerOne Brand Ambassador, holds the OSCP certification and is an experienced bug bounty hunter. Herane's expertise lies in identifying logic flaws that can lead to Account Takeover. Herane also gave an energetic Bug Bounty workshop during CRACCON 2025.
5th Oct, 2025 | 10 AM to 2 PM
This 3-hour workshop will guide participants through the practical differences between pentesting and bug bounties, and dive into modern techniques for finding unidentified bugs such as postMessage XSS, OAuth misconfigurations, Broken Access Control, Business Logic flaws and more. Attendees will also learn the essentials of CVSS scoring and the art of effective report writing. The session will close with an open Q&A to clarify concepts and share insights.
Topics Covered:
* Difference in approach: Pentesting vs Bug Bounties
* Hunting for Unidentified Bugs:
  * postMessage XSS
  * OAuth Misconfigurations
  * Broken Access Control
  * Business Logic Flaws
* Mastering CVSS
* The Art of Report Writing
* Q&A
Prerequisites:
* For participants: Basic understanding of the OWASP Top 10 and HTTP requests.
* For equipment: Laptop with Burp Suite installed, and a wireless hotspot / internet connectivity (if needed).