What should you do if you find a bug on a platform?

Alhiane Lahcen
A young Moroccan, I got to know programming at the age of 16, and that was after I met someone and from there the story began
・4 min read

No system in this world is perfect, especially in the field of computing. Any platform, application, site or program may be less professional than you think.

One day you may find a loophole or bug in one of the digital platforms, and it may be your golden opportunity to finally claim a reward. Not knowing how to act in that case may cost you that reward, and we are here, my friend, to help you as best we can.

First things first, why would you ever want to report them?


I remember a funny conversation between me and a person who may have found a problem in the Facebook platform that enabled him to view other people's messages without having to access their accounts. Our friend was torn between two options: to report the vulnerability, or to use it to read his girlfriend's fake messages. Doubts wandered around him.


From a simple point of view, reporting the vulnerability and then having Facebook thank him and close it was the worst scenario that might happen to him in this case, so he decided to use it to spy on his girlfriend for a period of not less than half a day, before Facebook closed it and posted the name of one of the people who reported it on its wall of fame, or Hall of Fame.

If you encounter the same scenario in the future, do not hesitate to report the vulnerability. Why? Because any network, platform or system in this world (especially the famous ones) has what is called a reward-hunting system, or Bounty Program. This system allows you to report gaps in sites, applications, programs and platforms. The report is then evaluated according to its severity (is it a security vulnerability, a vulnerability, just a bug ...), and a cash prize matching the rating is paid out.

Platforms that pay you for the vulnerability:



To help you find the most prominent platforms and companies that run a Bounty Program or pay for finding gaps, the Bugcrowd site provides an alphabetical list of companies, showing which ones pay you for vulnerabilities and which do not.

But before reporting your vulnerability make sure:


Not every problem, bug, or loophole is one you can get a return from, my dear brother. You cannot, for example, try to send a message on Facebook or Twitter, see a strange error for the first time, decide that it is a bug, and rush to message Facebook expecting a few dollars. It doesn't go like that.

* First, the vulnerability should be a security one, meaning that it threatens in some way the safety of the user or of the work team, such as holes that lead to logging into accounts, reading messages, or viewing personal information that another user is not supposed to see.

* The vulnerability must be tested more than once, in more than one way.

* The defect or loophole must be in the system or platform itself and not in an intermediary platform. For example, if you use a specific platform, choose to register via Facebook, and then encounter problems or a bug, this will not count, because the problem is only in a third party and not in the platform itself.

* The bug must not be in the Alpha or Beta version of a specific platform.

How to behave when you find a loophole that fits all of the above?


Use the Bugcrowd website to go directly to the Bug Bounty Program page of the platform in which you discovered a gap. On that page you will find a set of email addresses or contact forms that you can fill out directly to establish a connection between you and the site officials.

Later, you will receive an answer from the site owners asking about details such as when the vulnerability occurred, how you discovered it, the tools involved and so on, and they will ask whether you already have a ready solution for the vulnerability. They will accept all your answers, and they will correct it or apply the instructions that came from you to correct it.

They will also tell you the price this platform will pay for such information, and a few days after correcting the vulnerability the way you want, they will also add your name to the Hall of Fame of people who discovered holes in the platform.
