Hidden Chains: Revealing High-Impact Bugs from Bounty Submissions

Explore a 42-minute conference talk by Vinay Prabhushankar and Murali Vadakke Puthanveetil from the OWASP Foundation that delves into how bounty hunters continue to bypass security measures despite defense in depth strategies. Discover curated submissions from their bug bounty program spanning both application and infrastructure security domains. Learn from real-world bugs reported to their program and how they applied these lessons to strengthen their security posture. Particularly valuable for detection and response professionals looking to enhance their capabilities, this presentation offers insights for all security practitioners across red, blue, and purple teams. Gain detailed technical analysis including root causes, technical specifics, and mitigation strategies that can be applied to elevate your own security program.