What HackerOne has learned from years of AWS bug bounties

March 5, 2021
In this session, HackerOne cofounder and security expert Jobert Abma reviews high-severity bugs that surfaced in bug bounty programs over the years for AWS applications. These are bugs that may be rewarded with bounties of up to $20,000. Jobert discusses ways to avoid the bugs altogether, reducing the risk of unintended broad access and building trust with the users of the application. The review includes bugs relating to DNS hijacks, SSRF to Amazon EC2 instance metadata, inadvertently disclosed AWS keys, public Amazon S3 buckets, and improper configurations.