GitLab Security Shorts, 29 Oct 2021

Previous Meeting

⏯

youtube image

►

From YouTube: William Bowling (@vakzz), Bug Bounty Hunter, talks about zeroing in on targets

Description

William Bowling (@vakzz on HackerOne), talks about how he chooses a bug bounty program and features to research in his bug hunting efforts.

See his full GitLab AMA at: https://youtu.be/kw168DGAILk.

Learn more about GitLab security programs at https://about.gitlab.com/security/ and our HackerOne program at https://hackerone.com/gitlab.

A

Yeah, so programs like get loud death, the source is very large, there's lots of different parts and components, so yeah definitely um reading up on what what other issues have already been uh discovered.

A

um So, whether that's other reports or looking at the patch notes and things like that, because um yeah I've found it's it's often hard to sort of um fix all instances of of the same bug.

A

So yes, if there's um you know been a, I think when I, when I first started there had been a couple of sort of file handling bugs, so that was sort of um the first area I was looking at was any anything that was touching files that were user controlled yeah. Yes, I think that's pretty good good way of narrowing it down.