Ashwath K & Ankit Anurag


Talk Title :

Handling A Bug Bounty program From A Blue Team Perspective


Abstract :

Bug bounty programs have become one of the most trusted strategies for thorough application testing, finding vulnerabilities in an application that regular, periodic pentesting might have missed.

This, however, can be massively painful for the organization if the blue team is not adequately prepared, as it will be flooded with ‘attack’ traffic hitting it from all over the world.

For an organization opting for a bug bounty program, it is imperative to proactively look for and mitigate the operational and performance risks arising from it, so that the defense rules stay noiseless and focus on finding real adversarial traffic, while also ensuring a good experience for the researchers in the bounty program.

Bio :

Ashwath currently works as a Staff Engineer at Razorpay. He has previously worked at Synopsys and Microsoft Corp. His interests are in Cloud Security, Red Teaming, Application Security (Web Applications), and Threat Modeling. He has released plugins for Burp to handle complex authentication mechanisms. He has presented at Rootconf, FS-ISAC, Nullcon, Cocon, Bright Talk, 50p (HasGeek), and technical conferences conducted by SAP, IAF, Infosys, and NetApp, amongst others.


Ankit is currently working as the Lead Security Engineer at Razorpay. He has previously worked at TCS, Tata Motors, and ICICI Bank. His interests are in Security Operations, Threat Hunting, Threat Intelligence, and Incident Response. He is an AWS Certified Security Specialist and likes to learn and write about AWS and cloud-based security and monitoring controls.
