Have you ever spotted a bug within an application? If you have, what did you do about it? Most people are unsure, but as someone looking at a career in cybersecurity, you need to make sure you do!
First of all, what do we mean by a bug? A software bug is an error, flaw or fault in a computer program or system that causes it to produce an incorrect or unexpected result. This can sometimes cause very subtle, minor impacts but in some cases it can cause an entire system to crash or break.
Not all bugs are cyber security issues, they aren’t all vulnerable to exploitation, where an attacker can use the fault to steal data, or even run code remotely. However, some of these bugs can be very serious, and allow attackers to distribute hundreds of thousands of malicious programs to users, or steal swathes of data from a database. Your username and password might be among them!
Part of being a cyber security professional is finding exploitable bugs and helping people fix them, to ensure systems are safe and secure. As well as spotting bugs, it is important to consider what you are going to do with this information and how you can efficiently report it.
Following a strong code of ethics and building up your expertise in this area is a crucial skill to have a career in cybersecurity so we have put together our top tips for spotting, reporting and resolving flaws in applications.
1. Report the flaw to the owner
Consider what to do with the bug you have found. It is up to you to decide if you would like to report the bug responsibly and ethically to the owner of the application. It is important in software security to give the owner time to fix the situation before exposing the bug to the public or taking credit for the finding.
2. Provide a detailed explanation
It is helpful to give as much information as possible to the vendor. This will maximise the chances of the flaw being fixed. Additional helpful information includes, which operating system you are working on e.g. Linux, Mac or Windows, what browser you found the bug on e.g. Safari or Chrome and whether you are up to date with the latest software.
3. Create a step by step guide
It is a good idea to create a step by step guide of how you found the bug. This will allow the application owner to find it and work on it as quickly as possible. Nothing is more helpful than the exact information in a series of screenshots. Even better, you could create a sample file to share with the vendor that would trigger the flaw.
4. Share your findings securely
Finally, you should consider if you should be sharing the information you have found on a secure channel. If your findings reveal sensitive information such as usernames and passwords, it is a good idea to contact the vendor first and discuss if they would like you to use a vetted channel to share this information.
In this video, James Lyne, talks you through how to report a bug effectively if you spot one in CyberStart Game
If you find a suspected bug or flaw in any of our tools, please contact firstname.lastname@example.org with the subject “Defect” and let us know as much as you can about the flaw.
Unfortunately, when it comes to security there is no state of 100% secure and bugs or defects may occur. If you want to work in cyber security, it’s essential you learn how to spot bugs early on and always remember to practise ethical hacking when you do!
Ready to improve your bug bounty skills? Work towards a career in cyber security with world-class products and programmes.
Interested in learning more about bugs and flaws in applications? Take your interests and train them further! You don’t need any previous experience to make a start today.
Get started right now with CyberStart Game - the most proven cyber security learning tool for young adults!
What is it? An immersive gamified cyber security learning experience. Discover how to crack codes, find security flaws and dissect criminals’ digital trails whilst playing as a cyber agent.
Who is it for? Whether you are a student interested in cyber security, a teacher looking for a resource to support your lessons and teaching coding for cyber security, or a parent wanting to inspire and educate your family – CyberStart Game is designed with you in mind.
Awesome! How can I find out more? www.cyberstart.com