Hi community,
I have good web security experience, but no experience in ethical hacking. I have some websites I think they might have vulnerabilities (maybe even SQL injection) but I did not check because it is illegal. I wrote mails to the companies asking for permission to perform a check but didn't get a single reply. I even called one of them but as soon as I mentioned the word website, I heard "no thanks" and the person hung up. This is really frustrating. I want to help people and because of all those scammers around calling random people nobody trusts me. I can understand very well why people like to hack and destroy websites, to be honest, they deserve it.
What the hack should I do to get a company accept my help?!?
1 Response
It's great that you have web security experience and are interested in helping companies identify vulnerabilities on their websites. However, it's important to keep in mind that attempting to hack into a website without explicit permission is illegal and unethical, regardless of your intentions.
Instead of reaching out to companies directly, you could consider participating in bug bounty programs. Bug bounty programs are initiatives launched by companies to invite ethical hackers to find vulnerabilities in their websites or applications in exchange for rewards such as cash or recognition. Many companies, including large tech firms like Google and Microsoft, offer bug bounty programs.
You can search online for bug bounty programs and find ones that align with your skills and interests. By participating in these programs, you can use your skills to help companies improve their security while also earning rewards for your efforts.
If you cannot find a bug bounty program that fits your needs, you could try reaching out to security researchers or communities to ask for advice on how to approach companies and offer your help in a way that is both legal and ethical.
Remember that the key to successful security testing is always to obtain explicit permission from the company or website owner before performing any testing or probing. This way, you can use your skills to help companies identify vulnerabilities and improve their security without breaking the law or harming innocent parties.
Share Your Thoughts