Raymond Vanyi
whoami
I am the CEO and lead hacker of my own company, SuperiorPentest.
Profile on Hackrate
Profiles on Social Media
How many hours do you spend on bug hunting every week?
Around 8-10 hours/week, sometimes more, sometimes fewer.
First steps in bug hunting
How did you get into bug bounty hunting?
A long time ago, maybe when the first FB bug bounty started or when the HackerOne website started their own platform.
I really like to help the Hungarian web to grow/mature, that's why I started to look forward to doing Hungarian bug bounties.
Hacker insight
Start playing and learning on your own "playground": throw a few VMs in the same network and try to hack them. It is also important to learn the basic IT terms and solutions, networking, programming, how the computer works, etc.
Do you have any tips for our audience on what you do when you approach a new target?
Enumerate everything as fast as I can :)
Favorite bug classes
Do you have any favorite vulnerabilities to focus on during testing?
Yes, information leakage.
Certifications and Achievements
Do you have any security certificates? How important do you think certifications are nowadays?
Not that important, but in the "profession" some HR ladies and CEOs are looking for them. I own OSCP, OSWP, CEH and a few not recognised ones. :)
What would you consider your most impressive achievement? What bounty are you most proud of?
Last year I was able to exploit an error-based in-band SQL Injection vulnerability on a mailing list signup feature, to the point of taking out the entire database. This was a reminder that no functionality can truly be overlooked. Unfortunately the public disclosure request was not accepted, not even partially. Maybe in the future the customer will change his mind.
Future of bug bounty
What is the role of automation in security testing?
It has a pretty important role. Every test starts with the automated testing phase.
What are your expectations of bug bounty platforms?
Give more exposure to the "profession" and make a secure world.
What is your impression of HACKRATE?
Nice folks, a lot of helping hands. Easy to use and nice web page and platform.