What HackerOne has learned from years of AWS bug bounties

March 5, 2021
In this session, HackerOne cofounder and security expert Jobert Abma reviews high-severity bugs that surfaced in bug bounty programs over the years for AWS applications. These are bugs that may be rewarded with bounties of up to $20,000. Jobert discusses ways to avoid the bugs altogether, reducing the risk of unintended broad access and building trust with the users of the application. The review includes bugs relating to DNS hijacks, SSRF to Amazon EC2 instance metadata, inadvertently disclosed AWS keys, public Amazon S3 buckets, and improper configurations.