Alam Profile
Alam

@Alamz0

Followers: 280 | Following: 319 | Media: 23 | Statuses: 142

Full-Stack Developer | DevOps Engineer | JR. Security Researcher | DMs Open...

India
Joined June 2022
@Alamz0
Alam
10 days
Career update: Started my journey as a Software Engineer, based somewhere in Western India. Putting bug hunting on pause until I am all settled. Let's go! #BugBounty #SoftwareEngineering
@Alamz0
Alam
3 months
Update: From P3 -> None -> Not Applicable. Reason: Managed by a third party. It's disappointing, but it's part of the journey. #BugBounty
@Alamz0
Alam
3 months
From thinking it would be my first Critical, to getting triaged with P3 priority. I requested an RAR, mentioning the critical impact, but it still stayed at P3. Later on, even the P3 severity got cleared. 😇 What's going on? 😁 @4non_Hunter @codingo_ #bugbounty
@Alamz0
Alam
3 months
The impact: What should be its severity? @tabaahi_
@Alamz0
Alam
3 months
Any help would be appreciated! I found a vulnerable endpoint from an error that was later resolved -- luckily, I had saved it in Notepad before it disappeared. The endpoint (which I got from that error) is still exploitable and reproducible. @4non_Hunter @tabaahi_
@Alamz0
Alam
3 months
I contacted @BugcrowdSupport but they said only an ASE can confirm. Is this a valid submission? Will it be triaged? ID: {efbfe696-12ab-4a61-82c1-8e44b26b22db} I tried looking for Bugcrowd's policy on this but found nothing. @codingo_ @Bugcrowd. Waiting curiously.
@Alamz0
Alam
3 months
I can send messages to any number on their behalf. The system uses the same endpoint to send OTPs for verification purposes. I even confirmed it using a real mobile number and successfully received the customized messages. My first critical? Waiting eagerly!!! #bugbounty
@Alamz0
Alam
3 months
Alhamdulillah! I was rewarded $100 for this. #BugBounty
@Alamz0
Alam
4 months
Alhamdulillah! Another one triaged! #BugBounty
@Alamz0
Alam
4 months
You don’t need to be the best. You just need to be better than you were yesterday. Keep pushing. Remember, every expert in any domain was once a beginner.
@Alamz0
Alam
4 months
Alhamdulillah guys! Just got $400 for an IDOR vulnerability that exposed customer PII. Feeling good and learning new things every day. What an incredible learning experience and a great start to this journey! #BugBounty
@Alamz0
Alam
4 months
If you're a full-stack dev, you definitely have an edge in bug bounty & security because you understand how apps work from top to bottom. I can't upload my project demo because it's over 5MB, and X does not allow a non-verified account to upload videos larger than 5MB.
@Alamz0
Alam
4 months
Last month, I reported an OTP exposure bug through an API response and got paid off. So, as a full-stack developer, I built an Email Verification System using React.js, Node.js, Express.js, PostgreSQL, Sequelize. It includes all these features 👇
1. Rate-Limited OTP Requests.
2. PostgreSQL + Sequelize for DB Management.
3. Stores Verified Emails Permanently.
4. Prevents Reusing Expired OTPs.
5. Ensures OTP Expiry & One-Time Use.
6. Standard security measures followed by modern applications.
@Alamz0
Alam
4 months
Alhamdulillah guys! Here is another one: I was rewarded $250 for a weak security configuration. #BugBounty
@Alamz0
Alam
5 months
Alhamdulillah! My first reward on H1. Thought it was medium severity, but they rewarded it as informative. All good, let's goo! #BugBounty
@Alamz0
Alam
5 months
No way!!!!? 🥲🥲 #bugbountytip
@Alamz0
Alam
5 months
How is this OK? I was sure that priority P1/P2 would be assigned to it, but P3 is not making any sense. In the same report I chained it with brute force, IDOR via ID, and IDOR via phone number instead of making a new submission, with the full impact exposing PII at large scale. @Bugcrowd
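The chain described in the post above (IDOR via ID, IDOR via phone number, and brute force of the ID space) comes from one missing check: the lookup is keyed only on the identifier the client supplied. The following is an added example, not the author's report or any code from this page: a Node.js customer-lookup handler with that shape, next to one that scopes every lookup to the authenticated account, plus a small enumeration loop that counts how many other tenants' records each version leaks. The customer rows, field names and the `req.user.accountId` session model are constructed assumptions.

```javascript
// Constructed sample data: three customers across two tenant accounts.
const customers = [
  { id: 1001, accountId: 'acct-A', phone: '+14155550101', name: 'Ada', email: 'ada@example.com' },
  { id: 1002, accountId: 'acct-B', phone: '+14155550102', name: 'Bob', email: 'bob@example.com' },
  { id: 1003, accountId: 'acct-A', phone: '+14155550103', name: 'Cy',  email: 'cy@example.com' },
];

// VULNERABLE shape: any authenticated caller can fetch any customer, by id or by
// phone. Sequential ids make walking the whole table trivial (the brute-force
// part of the chain); phone numbers are guessable or known for specific targets.
function getCustomerVulnerable(req) {
  const { id, phone } = req.query;
  const row = customers.find(c => (id && c.id === Number(id)) || (phone && c.phone === phone));
  return row ? { status: 200, json: row } : { status: 404, json: { error: 'not found' } };
}

// HARDENED: every lookup is scoped to req.user.accountId, so a record that
// belongs to another tenant is indistinguishable from one that does not exist.
// With Sequelize this is the same idea as always putting accountId in `where`.
function getCustomerHardened(req) {
  const accountId = req.user && req.user.accountId;
  if (!accountId) return { status: 401, json: { error: 'unauthenticated' } };
  const { id, phone } = req.query;
  if ((id === undefined) === (phone === undefined)) {
    return { status: 400, json: { error: 'pass exactly one of id or phone' } };
  }
  const row = customers.find(c =>
    c.accountId === accountId && (id !== undefined ? c.id === Number(id) : c.phone === phone));
  if (!row) return { status: 404, json: { error: 'not found' } };
  const { accountId: _omit, ...publicFields } = row; // do not echo the tenant key back
  return { status: 200, json: publicFields };
}

// Enumeration check: walk an id range as the given user and count records that
// belong to a different account. Uses the table directly to decide ownership,
// since the hardened response deliberately omits accountId.
function countLeaked(handler, user, from, to) {
  let leaked = 0;
  for (let id = from; id <= to; id++) {
    const r = handler({ user, query: { id: String(id) } });
    if (r.status !== 200) continue;
    const owner = customers.find(c => c.id === r.json.id).accountId;
    if (owner !== user.accountId) leaked++;
  }
  return leaked;
}

module.exports = { getCustomerVulnerable, getCustomerHardened, countLeaked };
```

The scoping must happen in the query itself, not as a post-fetch comparison that can be forgotten on the next endpoint; and it applies to every alternate identifier (phone, email, order number), which is why the phone-number lookup in the report was a second IDOR and not a separate bug class.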