How To Write A Good Bug/Vulnerability Report!

Tired of facing rejections on bug reports? In this blog we’re going to talk about what makes a good bug report and how you can be a better and more successful bug hunter.

But before we get into how to write a good report, let's talk about why it matters.

Even if you're already finding really good bugs, it doesn't matter if the affected company can't understand them. If you're not crystal clear, they may not be able to tell what the bug is or how it's triggered, and that can turn a $1,000 bug into a $0 bug in a second.

Your job as a bug reporter is to give the most useful information as concisely as possible and let the team determine the validity and impact of your bug quickly. That's great for the company and their customers, and of course it also means more money in your pocket more quickly. The better your report is, the less back-and-forth communication you need to have with the team, which makes everyone's job easier.

So now that we know why this stuff matters, what actually makes a report good or bad?

  • A clear description of the bug, an explanation of its real-world business impact, and the reproduction steps, backed by working examples. These examples can take the form of proof-of-concept links or payloads.
  • Screenshots showing a payload firing, or snippets of source code showing how and where the bug originates.

Let's look at a couple of good and bad examples of these things.

{ Here's an example of a bad report }

(image)

{ Here's a good reporting format }

My final tip to you is this: go read bug reports on HackerOne or Bugcrowd. There you can find thousands of reports from hackers ranging from the best to absolute beginners. Whether a report paid zero dollars or five thousand dollars, there will be something to learn from it; sometimes that will just be "what to do" and "what not to do", but there are plenty of great habits to pick up from other hackers. This is a fantastic resource and you should make use of it.

Enjoy!


Interesting read. Pardon my noobness, as I am a non-techie: what tools can I use to check for bugs in Android apps? I would like to write some articles on apps being used in my country, but I need info on how to come up with hardcore evidence on their vulnerabilities or their ignorance of privacy, etc. Are there tools I can use that do not require hacker expertise?