Description
Learn more about how Riccardo Padovani (@rpadovani on HackerOne), GitLab Hero and Bug Bounty contributor, conducts security research on GitLab to identify vulnerabilities as part of our HackerOne bug bounty program.
See his full AMA at: https://youtu.be/SK_vuZCafZ4.
Check out his "Ask a Hacker" blog: https://about.gitlab.com/blog/2020/11/10/rpadovani-ask-a-hacker/.
Learn more about GitLab security programs at https://about.gitlab.com/security/ and our HackerOne program at https://hackerone.com/gitlab.
A
So mainly, there are different things I can do, so one thing usually is catching up with all the latest changes you have deployed or latest feature I've been presented and for this is very useful. Your blog, since the 23 of the month, you deployed a new version and you have a long blog post with all the new features you I can play tweets so like now and these last few months, I've took a look to the iteration.
A
Then now you can collect issue by iterations is a very useful feature, so we already use it during my job. We use for planning, sprints, and so I've took a look if, for any reason, the feature itself or the API behind it like GraphQL or REST.
A
If they leak some data, I haven't found anything so far, but they suppose that is because has it been implemented similar to the milestone, so nothing very new, then sometimes I take a look to the source code, so maybe I insert the most recent merged, merge requests or just going around to some modules in the GitLab code base and the other thing. I have a list of small issues that are not like real vulnerabilities, just some issues or some strange behavior, and I try to change them together or see.