Halloween Hacks and How to Avoid Them #SecOps Edition
It’s almost Halloween — the one night of the year when witches, ghosts, and vampires roam the streets. And if you thought those were scary, think again. In our connected world, cyber threats and attacks are lurking all around us, ready to spook people and companies every day. Whether it’s data breaches, password phishing or
Bugcrowd Badge Challenge Writeup
A few weeks ago, we wrote about our learnings from designing and building a badge for the first time for DEF CON 26. One area we would like to rethink for next year is the approach to the badge challenge, which we wish had included more direct use of the hacking skills that make a
Launching Bugcrowd University
At Bugcrowd, we take great pride in the diversity of our community. We’re excited by the opportunity that we have every day to work with researchers of all backgrounds, interests, and skills. Today, we’re excited to launch our latest effort in this area: Bugcrowd University. Bugcrowd University is free. open-source, educational content and training available to
Bugcrowd announces LevelUp 0x02, the virtual hacking conference
Hi everyone! Bugcrowd is very excited to announce LevelUp 0x02, the free, online bug bounty hunter conference! On May 26, 2018, we will host the all-day conference featuring presentations from bug bounty hunters and penetration testers, sharing best practices, strategies, and research to help level-up their fellow bug hunters. Just like last year, our goal
Researcher Documents Updates
In order for Researchers to be successful, it is vital to clearly communicate expectations. We have refined verbiage in both the Bugcrowd Standard Disclosure Terms and the Bugcrowd Researcher Code of Conduct, and these changes are highlighted below: In the Bugcrowd Standard Disclosure Terms, we made the following change to clarify our policies for uploading
2018 Predictions: It Takes a Crowd
At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come. The response was overwhelmingly the same: more companies adopting bug bounties across company size and industry vertical. One researcher wrote that 2018 would be “similar to this year (2017), more companies
How-To: Find IDOR (Insecure Direct Object Reference) Vulnerabilities for large bounty rewards
The following is a guest blog post from Mert & Evren, two talented researchers from Turkey. IDOR vulnerabilities are of the higher impact and higher paying vulnerabilities for web bug bounties. This article explores what IDORs are and how to find them.
Bugcrowd announces LevelUp virtual hacking conference
Bugcrowd is putting on a conference for bug bounty hunters, but over the internet! On July 15th 2017, we will host an all-day conference with presentations from bug bounty hunters & penetration testers sharing their best practices, strategies, and research to help level-up their fellow bug hunters. Our goal for this conference is to create
How to use Bug Bounties to Build Your Career – Bug Bounty Hunter Methodology
This is the fifth post in our series: “Bug Bounty Hunter Methodology”. Read on to learn how you can use bug bounties to build and grow a successful penetration testing or bug hunting career. If you have any feedback, please tweet us at @Bugcrowd.
