Vinod has been doing bug bounties through Cobalt since we launched in 2013. He has maintained a top position on the Cobalt Hall of Fame and has recently moved from India to the US to study Computer Security. We had a chat with Vinod to discuss his passion for security and bug bounty programs.
What is your background and how did you get into security?
I graduated from an average college in India. Then I worked as a security analyst for a few different companies, serving financial and governmental clients. Now, after 3 years of experience, I plan to study further and have enrolled in the Computer Security program at Stevens Institute of Technology. Computers have always attracted me, and I had heard of hacking when I was a kid. My intention to become a whitehat hacker became clear after attending a session on ethical hacking during my undergrad. In the session, they showed us how to hack a Facebook page (back then Facebook could work over a non-HTTPS connection, which made it possible to SSL strip the connection and sniff the moving data). That demo sparked my interest and made me decide on my career.
How did you get interested in bug bounty programs?
I joined local Infosec communities to learn and share. I heard from fellow members about bug bounty programs. I was surprised at how a company rewards you for hacking them! Earning money was equally important to me as making my career in Infosec, and bug bounties made it easy.
What is the coolest vulnerability you have found (and can publicly talk about)?
I have found many cool bugs to date. My favorite one is primary email address disclosure in Facebook because it wasn’t too difficult to find; you just had to write a few Google dorks to get a good number of primary email addresses.
What do you expect from a business running a bug bounty for you to participate?
I don’t have any expectations as such, I’m satisfied with all the responses I receive from the companies.
Do you have any advice for researchers considering getting into bug bounty programs?
Nowadays, getting into bug bounty programs has become very easy, as there is a lot of material available to read and get started with. People should always concentrate on the application design and flow rather than keeping an eye on conventional bugs. I also recommend reading The Web Application Hacker's Handbook.
You recently got into a university in the United States. Do you think your bug bounty skills helped you with that?
My program at the university is Computer Security, and bug bounties did help me in securing a seat for the program, as universities in the US look at the overall profile of a student before giving them admission. I also had a recommendation from Cobalt, which was the cherry on top.
What are your goals for the next year?
My goals aren't very clear right now, but I do have a few ideas in mind. Moreover, I will work hard to achieve the top spot at Cobalt. So far it has been a great experience with Cobalt, which has made my learning abilities stronger.
David Sopas recently took over your no. 1 position on the Cobalt Hall of Fame. Do you have any comments?
Actually, I couldn't work on programs in the last two months due to personal reasons. David is highly intelligent and has great skills. He will very soon score 1500 points, and my wishes are with him. However, I will also work hard to give him tough competition. Let us see how it will work out.