Bug Bounty consulting

With more than 8 years of experience, I have had the opportunity to study several aspects of this industry:

  • As a bug hunter, I am quite familiar with the expectations of hackers: what they look for, what their problems are, what makes them more involved…

  • As a consultant, I help companies manage their program: how to choose a scope, how to create a reward policy, what SLAs are, how to handle the reports, how to deal with hackers…

  • As this list shows, I have spent time studying the main platforms available on the current market. Depending on certain criteria (size, country, law…), some of them may fit your business better.

In a nutshell, my goal is to help all actors in the bug bounty industry succeed and develop their programs over the long term.

Security courses

The following courses are currently available:

Web application hacking and security: the most common issues in web applications. XSS, SQLi, CSRF, SSRF, CORS… You’ll learn how to find them, what their impact is and how to protect against them. This course mainly targets developers.

Bug Bounty Overview: for CISOs/RSSIs or any technical director who wants to know more about bug bounty. Bug bounty is the next (and last) step in terms of security auditing, but this world is full of traps. In this course you’ll learn everything you need to avoid them.

Security audit

Specialized in the LAMP stack, I perform security audits on websites using those technologies, on site or remotely. The time required mainly depends on the size of the test perimeter, basically how many pages/scripts/functionalities are concerned.

After the audit you receive a report summarizing the checks performed and the issues found. Because of my developer background, I am able to understand how to fix them and can potentially help with this task.