Before joining Swisscom, Florian Badertscher worked as a penetration tester, security analyst and teacher on various security topics. Working in the cyber defense team of Swisscom, he created Swisscom’s bug bounty program back in 2015 as a small side project and is still responsible for managing and running what is now Switzerland’s biggest bug bounty program.
Ed has numerous years of experience on both sides of the playing field: hunting for security vulnerabilities and triaging vulnerability reports. He has travelled the world to attend some of the biggest live-hacking events, one of which included hacking the US Air Force.
His latest research publication on the security implications of Continuous Integration services was voted among PortSwigger’s "Top 10 web hacking techniques of 2019".
Back in 2017, Ed created security.txt, a proposed Internet standard which allows websites to define security policies. The Internet Draft was subsequently adopted by the IETF and is soon to be published as an RFC. security.txt files have seen adoption from Google, Facebook, GitHub, and the UK’s National Cyber Security Centre.
When he isn’t busy studying, Ed runs a collaboration program that focuses on helping others learn about security. The program currently has over 50 members from all around the globe with diverse backgrounds. Together, the program has unveiled hundreds of security flaws in popular applications.
Why you should love getting feedback from hackers
Ever wondered if your application "survives" in reality? Do you love getting feedback about your work? Do you like to learn? Then ask for it!
In this joint talk about security research and bug bounty programs, Ed and Florian give insights into both sides of this area of work: how to get the necessary know-how, what the best approach is to discover and systematically find all these security issues, how to handle security reports internally in a sustainable way, how to collaborate, and how to use this feedback to learn and get better each day.
Using real-world reports from Swisscom’s bug bounty program, this talk shows that today’s security challenges can only be tackled before the bad guys strike when all parties involved collaborate.