At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come. The response was overwhelmingly the same: more companies adopting bug bounties across company size and industry vertical. One researcher wrote that 2018 would be “similar to this year (2017), more companies
Last year, we launched the Inside the Mind of a Hacker report, sharing insights into the distinct profiles and stories, gathered from the Bugcrowd researcher community. Today we’re launching our second iteration on this, Inside the Mind of a Hacker 2.0, diving deeper into the collective power and intelligence the bug bounty community brings to
The following is a guest blog post from Mert & Evren, two talented researchers from Turkey. IDOR vulnerabilities are of the higher impact and higher paying vulnerabilities for web bug bounties. This article explores what IDORs are and how to find them.
In the past year we’ve seen the Bugcrowd community more than double to more than 60,000 researchers, up from 26,782 at the beginning of 2016. With this growth comes the increasing responsibility to educate and foster the professional growth that our researchers seek every day.
Bugcrowd is putting on a conference for bug bounty hunters, but over the internet! On July 15th 2017, we will host an all-day conference with presentations from bug bounty hunters & penetration testers sharing their best practices, strategies, and research to help level-up their fellow bug hunters. Our goal for this conference is to create
This is the fifth post in our series: “Bug Bounty Hunter Methodology”. Read on to learn how you can use bug bounties to build and grow a successful penetration testing or bug hunting career. If you have any feedback, please tweet us at @Bugcrowd.
This is the fourth post in our series: “Bug Bounty Hunter Methodology”. Today’s is a guest post from Scott Robinson, @sd_robs on Twitter and SRobin on Bugcrowd. Read on to learn how to write a successful bug submission. If you have any feedback, please tweet us at @Bugcrowd.
This is the third post in our series: “Bug Bounty Hunter Methodology”. Today’s is a guest post from ZephrFish, whom you can follow on twitter at @ZephrFish. Read on to learn how to use notes and session tracking to make your bug bounty hunting more successful. If you have any feedback, please tweet us at
This is the second post in our new series: “Bug Bounty Hunter Methodology”. Today we explore bounty scopes, disclosure terms & rules, and how those guide you in your hacking. If you have any feedback, please tweet us at @Bugcrowd.