Web & App Testing / Bug Bounty – Are all low-hanging fruits covered by automated tools?

Dear friends, I have been working in the security industry for almost 10 years (mostly in consultant and presales positions for vendors). In the latest months I was getting extremely bored and I had some time on my hands.

I am planning to invest my time in bug bounty programs and web / application security testing. My question is: I feel like most of the low-hanging fruits are covered by automated tools like Burp Suite Pro, and for a beginner in this field it does not seem possible to have any meaningful outcome. I know that I think like this because I don't believe I can outsmart millions of USD of security software investments from the biggest vendors, and this is preventing me from continuing.

How did you start, and how did it go? Are my feelings right, or am I exaggerating? Assume that I, as a newcomer, and you, as a person who has an automated vulnerability scanner, are testing the same website: do I have a chance?

Touch here for the full post on Network Security Noblemen tumblr
