A few weeks ago, we wrote about our learnings from designing and building a badge for the first time for DEF CON 26. One area we would like to rethink for next year is the approach to the badge challenge, which we wish had included more direct use of the hacking skills that make a
At Bugcrowd, we take great pride in the diversity of our community. We’re excited by the opportunity that we have every day to work with researchers of all backgrounds, interests, and skills. Today, we’re excited to launch our latest effort in this area: Bugcrowd University. Bugcrowd University is free, open-source, educational content and training available to
Hi everyone! Bugcrowd is very excited to announce LevelUp 0x02, the free, online bug bounty hunter conference! On May 26, 2018, we will host the all-day conference featuring presentations from bug bounty hunters and penetration testers, sharing best practices, strategies, and research to help level-up their fellow bug hunters. Just like last year, our goal
In order for Researchers to be successful, it is vital to clearly communicate expectations. We have refined verbiage in both the Bugcrowd Standard Disclosure Terms and the Bugcrowd Researcher Code of Conduct, and these changes are highlighted below: In the Bugcrowd Standard Disclosure Terms, we made the following change to clarify our policies for uploading
At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come. The response was overwhelmingly the same: more companies adopting bug bounties across company size and industry vertical. One researcher wrote that 2018 would be “similar to this year (2017), more companies
The following is a guest blog post from Mert & Evren, two talented researchers from Turkey. IDOR vulnerabilities are among the higher-impact and higher-paying vulnerabilities for web bug bounties. This article explores what IDORs are and how to find them.
Bugcrowd is putting on a conference for bug bounty hunters, but over the internet! On July 15th 2017, we will host an all-day conference with presentations from bug bounty hunters & penetration testers sharing their best practices, strategies, and research to help level-up their fellow bug hunters. Our goal for this conference is to create
This is the fifth post in our series: “Bug Bounty Hunter Methodology”. Read on to learn how you can use bug bounties to build and grow a successful penetration testing or bug hunting career. If you have any feedback, please tweet us at @Bugcrowd.
This is the second post in our new series: “Bug Bounty Hunter Methodology”. Today we explore bounty scopes, disclosure terms & rules, and how those guide you in your hacking. If you have any feedback, please tweet us at @Bugcrowd.