Shubs Shah on finding riches (and lessons) from bug bounty hacking

Shubham Shah is a brilliant hacker who quit his pen-testing job to hack for cash in bug-bounty programs. He quickly mastered the game of automating automating pre-breach reconnaissance and zero in on common webapp programming and configuration errors. Shubs, now co-founder at Assetnote, joined Ryan on the show to talk about the stressful life of a fulltime bug-bounty hunter, advancements in web app security defense, and how automation is completely rewriting the bug-discovery business.

Links:

• Assetnote
• Shubs Shah: Hacking on Bug Bounties for Four Years
• High frequency security: 120 days, 120 bugs
• h2c Smuggling: Request Smuggling Via HTTP/2 Cleartext (h2c)
• H2C Smuggling in the Wild