Ethical hackers make almost three times more money than programmers

"Legitimate" programmers earn very decent money. It is a fact. The best shadow hackers can make a huge amount of money very quickly, but... The likelihood that they will be caught is quite high. Especially considering that the hacker fraternity has long been divided into two camps. So-called “ethical hackers” search for vulnerabilities, tell whoever needs to know about them, and get paid for it. And, as it turned out, a lot of money. The HackerOne community has published The 2018 Hacker Report , containing the results of the largest hacker survey in history. 1,698 people registered on the platform took part. In the report you can see the level of “salary” of a vulnerability hunter depending on the country of residence. Such “detectives” live best in India, where their “salary” exceeds the salary of an engineer by almost 16 times, in Argentina - 15.6 times, in Hong Kong - 7.6 times, and in the USA - 2.7 times. Hackers operate under the Bug Bounty program, through which people can receive recognition and rewards for finding exploits and vulnerabilities. The program will allow developers to detect and fix bugs before the general public becomes aware of them, preventing widespread abuse. According to 25% of respondents, rewards account for at least 50% of their income, and for 13.7% it is 90-100% of their annual income. The report also indicates that 58% of those participating in the rewards program are self-taught, and 37% are engaged in searching for vulnerabilities as a hobby, in their free time. For most hackers, the opportunity to develop, study technologies, and solve interesting problems turned out to be more important than financial gain (earnings only rank 4th in the list of motivations). About 12% of HackerOne users earn about $20 thousand per year from searching for vulnerabilities, 3% manage to earn more than $100 thousand, and 1.1% earn more than $350 thousand. 
Almost 25% of hackers were unable to inform the company about the found vulnerability due to lack of a communication channel.
The figure shows a visualization of cash flows by country. On the left are the payers, on the right are the recipients.
Almost half of hackers are under 25 years old and 75.1% of them have only 1-5 years of experience. So your success is not far off.
If we analyze the tools used by hackers, the results are as follows:
  • Burp Suite (included in the hacker operating system Kali Linux) - 29.3%;
  • own developments - 15.3%;
  • web proxies/scanners - 12.6%;
  • network vulnerability scanners - 11.8%;
  • fuzzers - 9.9%;
  • debuggers - 9.7%;
  • WebInspect - 5.4%;
  • Fiddler - 5.3%;
  • ChipWhisperer - 0.8%.
The favorite attack vectors are XSS (28.8%), SQL injection (23.1%), fuzzing (5.5%) and brute force (4.5%). You can read the report in more detail by downloading it from the link: Source