Bug Bounty Reports Discussed

From 0 to a top bug bounty hunter - Johan Carlsson's journey to GitLab TOP1 on Hackerone

Jan 21, 2025
Johan Carlsson, a top bug bounty hunter on GitLab, shares his thrilling journey from newbie to expert in the bug bounty world. He discusses the challenges and triumphs of identifying vulnerabilities in client-side code, browser hacking, and the complexities of Content Security Policy. Johan emphasizes the importance of personal growth, adaptability, and community collaboration in the rapidly evolving field of cybersecurity. From playful proof of concepts to tackling server-side vulnerabilities, his insights provide a captivating look into the life of a full-time bug bounty hunter.
ANECDOTE

Johan's Job Quit Story

  • Johan Carlsson quit his front-end developer job to gain more freedom and focus on security, especially bug bounty hunting.
  • He values controlling his own time while balancing a big family and his passion for security.
INSIGHT

Consistency Wins Leaderboard

  • The GitLab HackerOne leaderboard has many top hunters inactive, enabling Johan to become #1 by staying consistently active.
  • Staying with a single, fair program like GitLab has allowed him to learn and excel continuously.
ANECDOTE

Leveraging GitLab's Dev Environment

  • Johan started using GitLab's Ruby-based development environment to test code interactively, speeding up bug discovery.
  • This shift let him call functions and explore unknown functionalities dynamically, enhancing his efficiency.