this post was submitted on 28 Aug 2023
 
This is an automated archive.

The original was posted on /r/cybersecurity by /u/Ill-Arm-5597 on 2023-08-28 06:31:10+00:00.


I work as a cybersecurity developer. In my company, I've developed a Web Application Firewall (WAF). My daily task involves monitoring and blocking malicious IP addresses, which can be quite dull. On the side, I'm also interested in ethical hacking, where I test the security of the applications I use without proper authorization. I've successfully identified vulnerabilities in about twenty instances, including accessing sensitive data of millions of people.

Most companies don't have a formal vulnerability reporting program (Security Response Center), so I often reach out to them directly. They are usually willing to hear about the vulnerabilities I found and sometimes even reward me with a bounty. However, from what I understand, these actions could potentially be considered illegal if pursued seriously. This realization has made me uneasy, so I've decided not to continue down this path.
