Secrets of Google VRP. The bug hunter's guide to sending great bugs - Krzysztof Kotowicz, Google Security Team (Remote) null Delhi NCR Meet 23 April 2016 null/OWASP Combined meet
Did you ever want to know how a CSRF may be more dangerous than a stack buffer overflow? Are you curious what makes a bug critical? Have you ever wondered why Google Security Bot doesn't pay for open redirects, and not every XSS is the same? During this workshop, you'll get to know the answer to those questions - and all other secrets of the Google VRP too. You'll see how Google Security Team evaluates the incoming vulnerability reports, what do we focus on, and how to make our day by sending us a great bug. Several examples of vulnerabilities sent to our VRP will be presented - both successful submissions and rejected ones. We'll talk extensively about the differences between those to help you find and report the bugs worth your time. We'll discuss various OWASP Top 10 vulnerability types and how do they relate to Google VRP rules. Come to the workshop, talk to us and learn how to become one of the top bughunters!"
Starts at Saturday April 23 2016, 01:00 PM. The sessions runs for about 1 hour.