Blay Offers Advice on How to Become a Bug Bounty Hunter!


We talked to Abu Safian Blay, Founder and CEO of Inveteck Global, to get his opinions on the cybersecurity industry. Inveteck Global provides cybersecurity training and application development solutions to private businesses and government entities.

 

Blay is committed to providing a safer future for the organizations that we deal with every day, and trust with our data. Blay has a wealth of technical knowledge in the field, being a software engineering graduate, a pen tester, developer, security researcher, and bug bounty hunter. This is why we thought it would be an excellent idea to pick his brain about all things software engineering and bug bounty hunting. Here’s what he had to say. 

 

What inspired you to join the software engineering and security field?

We're now at a point where organizations are being hacked daily. I asked myself how we got to this point, and how exactly do these organizations get hacked? I began to develop an interest in software engineering to know how applications were developed.

 

From this, I developed an interest in cybersecurity which seemed like a natural progression. After all, it's often badly developed applications that leave companies most at risk. The more I knew about how things happened, the more I wanted to be a defender of security. 

 

What do you enjoy about bug bounty hunting?

Many Bug Bounty Hunters would answer this question by saying "I enjoy the challenge of the hunt". For me, my motivation comes from the acknowledgment I get from the organizations I protect. There's a certain prestige in being recognized for finding a vulnerability or exploit before the bad guys do. It's the bug bounty hall of fame that motivates me above all else.

 

What advice would you give to an aspiring bug bounty hunter?

 

Bug Bounty Hunting isn’t just about opening a browser and firing Burp Suite. You should expect to get some knock backs as you're learning; it's totally normal and happens to everyone. You can watch YouTube videos and take online courses on web application testing, but there's only so far you can go with this approach. Consistency is key.

 

You should practice, practice, and then practice some more. It will take time to get your first P1 bug. Instead, start with P5 bugs. Your reports may get rejected or marked as duplicates, but don't let it deter you. Let the recognition (hall of fame) motivate you, and build up your experience. 


Can you offer some simple advice to our readers about how to protect themselves online?

 

Everyone cares about his or her privacy and has a fear of being hacked. My advice is:


  1. Always use strong passwords. By this, I mean using a combination of letters (uppercase, lowercase), numbers, and symbols. Always enable 2-factor authentication where possible. You should also avoid using just one password for all accounts.

  2. Be careful with the forms you fill online. Always consider the WWW (who, what and where) your data is going to.

  3. Ransomware attacks are rife at the moment. Don’t blindly trust emails or open emails from untrusted sources.

 

How do you see the industry changing over the next decade?

 

Honestly, every day comes with its own cyber threats. Cybercriminals always get smarter and smarter, coming up with new ways of performing cyber attacks. The ways of yesterday are never the way of today. This creates more room for security experts to step up and tackle these challenges. There is hope for anyone who wants to get into cyber security or, I should say, the IT/computing industry.

 



Some useful resources recommended by Blay

  1. OWASP Testing Guide 4.0  
  2. http://hackthebox.eu
  3. http://ctf365.com
  4. https://tryhackme.com
