Overview
Explore the hidden security vulnerabilities lurking within referral rewards programs through this 25-minute DEF CON 33 conference talk by cybersecurity researcher Whit Taylor. Discover how seemingly mundane referral functionality, often overlooked by bug bounty hunters, actually harbors a treasure trove of critical security flaws. Learn about the comprehensive research methodology used to analyze referral program implementations across dozens of major platforms, uncovering business logic vulnerabilities, race conditions, and sophisticated client-side attack vectors. Examine real-world examples of cookie injection and client-side path traversal vulnerabilities that can be chained together for maximum impact. Understand how these overlooked attack surfaces led to successful bug discoveries across multiple high-profile bug bounty programs, transforming what many consider boring functionality into lucrative security research opportunities. Gain practical insights into identifying and exploiting referral program weaknesses that could significantly enhance your bug hunting methodology and help you find vulnerabilities that others miss.
Syllabus
DEF CON 33 - Referral Beware, Your Rewards Are Mine - Whit @un1tycyb3r Taylor
Taught by
DEFCONConference