Thursday, July 30, 2015

The big bug hunt

“IT CAN be kind of addictive,” says Emily Stark, a Californian engineer who started looking for bugs in websites in her evenings after work. “There’s a lot of low-hanging fruit out there.”

There are also a lot of Emily Starks out there, for anyone with a computer and a penchant for puzzles can be a bughunter. You learn the basics from online guides and discussion forums, and practise on websites built to be broken into, such as Google Gruyere, which gives hackers a training ground. Ms Stark earned a tidy sum reporting bugs to Twitter, Square, Slack, WePay and Coinbase. She got so good at it that Google recruited her, and she now has a full-time job in the firm’s security division. But Google also offers opportunities for those who wish to stay freelance. Its bug-bounty programme pays anything from $500 for spotting a minor security error to $50,000 for breaking into a Google-made laptop.

For Ms Stark, in her freelance days, a typical session began as it would start for many bughunters. She would pick a promising website and enumerate the ways in which users could engage with and change it, for these are the points of vulnerability...



from The Economist: Science and technology http://ift.tt/1SkbuMh
