

From reporting self-XSSes to improving browser security mechanisms - Michał Bentkowski
Sep 6, 2023
Michał Bentkowski specializes in crazy XSS bugs and now works on improving browser security at Google. They discuss bug prevention efforts, browser updates and serialization issues, transitioning from simple bugs to complex ones, analyzing client-side issues, the discovery of ARP spoofing, the value of diverse backgrounds, prototype pollution in bug bounties, and their plans for a YouTube channel and client-side HTML sanitization.
Chapters
Introduction
00:00 • 4min
Browser Updates and Serialization Issues
03:35 • 15min
Transitioning from Simple Bugs to Complex Bugs
18:56 • 22min
Analyzing Client-Side Issues
40:45 • 19min
Exploring Initial Interest in Testing and the Discovery of ARP Spoofing
59:50 • 4min
Exploring the Journey to Web Security and the Value of Diverse Backgrounds
01:03:39 • 3min
Prototype Pollution in Bug Bounties
01:06:45 • 20min
Discussion about YouTube channel plans and client-side HTML sanitization
01:27:12 • 3min