What is BugBountyNotes?
BugBountyNotes is a platform designed to help researchers easily collaborate with each other, as well as share information relating to bugbounties including blog posts, tools, disclosed issues etc. I want to create a hubpoint for everything bugbounties whether you are new or experienced.
What gave you the idea to create this platform?
I get asked quite a lot in my DMs how I find bugs, how I find so many, can I help with this etc. I was attending HackerOne’s live event in Amsterdam when it hit me that we as researchers need somewhere to connect with each other & to have an easy way to share & find material relating to bugbounties. Most discussions happen on Twitter or Slack and are easily missed so that’s why I went down the route of creating a custom-made forum. There are a lot of updates and changes coming over the next few months as I build my vision. :)
What are the goals that you are trying to achieve?
Generally, to help others. Both researchers & companies. I want to help create a system where you can easily get educated on bugbounties, whether that’s someone looking to get into it who wants to learn about it, or a company interested in working with researchers and opening a bugbounty program. Not only that but it doesn’t matter if you’re new or experienced, I want to create a hubpoint for everyone.
What keeps you motivated through all this?
The community and the support they have given me :)
Is this a fully self-developed (from scratch) application? Tell us about the best features of it!
It sure is! I didn’t want to trust using any third party scripts since I knew people would poke at my site. With regards to features, I don’t want to spoil some surprises I have lined up for bugbountynotes ;) The first initial release has just been a beta-test, and now I can focus on building out some key features I feel some platforms are missing. Watch this space as BBN evolves is all I can say :D
Who is going to benefit from it the most? Is it only for professionals?
No way! BBN is for ALL types of users, new or experienced, researcher or company. Anyone interested in bugbounties & web application security will benefit from bugbountynotes. The idea is to build a platform for everything bugbounties, you name it, we got it. :)
There were some amazing hacking challenges posted on BugBountyNotes. Please tell us more about them and how to approach them in a beneficial manner.
Thanks :) There are a lot more challenges in the works and even 5 pending to be added from other researchers which is really, really awesome! I came up with the idea behind creating challenges around bugbounties because a lot of companies don’t like users disclosing issues but some users want to “show off” their skill. Re-create the bug (where possible) to allow others to try to find what you found. No company info is disclosed, and people learn! There is a lot of room for the idea to grow, so watch this space. :)
This platform might help the scattered Bug Bounty Hunter community to collaborate and get together as it appears. Does it do so? What’s your opinion about the present state of this community?
That’s the plan and yes I believe it is working so far. We’ve only been open a month and the response has been overwhelming, and as explained earlier I have some features coming out which will help researchers connect even more :) We’ve touched 600 members and growing daily which I am over the moon about considering the project is in the very early stages!
My opinion on the present state of the community? A lot more mature discussions. I feel like a lot of the problem is people feeling like some users in the community are part of an “elite group”. This is most definitely not the case in my opinion. This is one reason I started the public forum so heated discussions didn’t have to happen over Twitter with 140 max characters, people not seeing certain tweets etc. In order for this industry to mature & grow, we all need to do so ourselves. :)
Please tell us a bit more about yourself and what you do!
I’m 26 years old currently living in the United Kingdom. I’ve always been interested in computers since a young age and I mostly specialise in webapp security/coding. I really enjoy breaking other people’s websites and then working with them to understand how, and how to prevent it from happening again. I really like the idea of teaching developers to think like a hacker so when you’re developing you are questioning, “what if…” :) I’m on a mission to help educate others and to try to help make the internet just that little bit safer.