
Episode 18: Audit Code, Earn Bounties
Critical Thinking - Bug Bounty Podcast
00:00
How to Audit Public Source Code Packages and Libraries
The other thing is that I don't know why I sort of assumed this in the past, but in the past I've kind of assumed that if there is a library, like on pip for Python or npm for Node, that that library is going to be open source and on GitHub. But that isn't necessarily the case. So there are sometimes where these packages are getting pushed to pip and to Node and that sort of thing, and they are not; you can't go find them and read the source code on GitHub. Sometimes you'll just find, like, embedded secrets and references to external assets, and, like, I've had people find API keys in there before that are worth