How to Succeed in Bug Bounties as a Pentester
By Luke Stephens, Apr 9, 2021
TL;DR: As a pentester, when I first started bug bounties, it was hard. I had to change my hacking style to start earning decent money. Read on to find out exactly what changed. When I first started bug bounties, I…

Is Foundational Knowledge (Networking, Coding, Linux) Really That Important When Learning to Hack?
By Luke Stephens, Apr 2, 2021
I receive a lot of messages from people who are just starting out on their hacking journey. One of the most common questions that gets asked is "what prerequisite knowledge is required to start learning hacking?". This question comes in…

VRT v1.10 Released: Flash downgrades and extended automotive categorization
By Barnett Klane, Mar 30, 2021
In our tenth release of the Vulnerability Rating Taxonomy (VRT), we’re continuing to meet the goals we prioritized from the start: collaborate with the community to collect feedback and expertise to drive improvement; maintain a taxonomy that reflects the latest…

The Ultimate Guide to Finding and Escalating XSS Bugs
By Luke Stephens, Mar 24, 2021
What is XSS? Cross-Site Scripting (XSS) is the most common vulnerability discovered on web applications. It occurs when an attacker is able to execute client-side JavaScript in another user’s browser. XSS is a very interesting and dynamic bug class for…

How to Regex: A Practical Guide to Regular Expressions (Regex) for Hackers
By Luke Stephens, Mar 12, 2021
Regular Expressions (a.k.a. regex, or regexp) are one of those things that have a fairly steep learning curve, but once you dedicate an hour or so to learning the basics, you will find that you will be far more efficient…

Introducing: Bugcrowd Tip Jar
By Luke Stephens, Mar 10, 2021
Currently one of the best* sources of Bug Bounty resources is Twitter. That’s why we’ve started tweeting more tips and techniques to educate our researchers. The thing is, Twitter is 10% laughs, 10% education and 80% cat memez. It’s an…

The Informational Revolution
By Andy White, Mar 10, 2021
In the next few weeks we’ll be changing the Won’t Fix outcome to Informational. You may notice this shift happening gradually. This means that while you’ll see “informational” start to appear in the Bugcrowd user interface, not all references to…

How Does a Bug Bounty Fit into my SDLC?
By Bugcrowd Product Marketing, Mar 9, 2021
“How does a bug bounty fit into my SDLC?” This is a question we hear all the time. While the obvious answer is that it can augment or replace much of your current manual and automated testing, the actual answer is simpler: “bug bounties fit into and support your SDLC each step of the way.”

Celebrating International Women’s Day at Bugcrowd
By Bugcrowd, Mar 8, 2021
Happy International Women’s Day! Each year, the world comes together on March 8th to celebrate the accomplishments of women and raise awareness of gender bias. This year’s theme is #ChooseToChallenge, highlighting everyone’s individual responsibility to challenge and call out gender…

NIST: Vulnerability Disclosure as a Requirement for Every Organization
By Casey Ellis, Mar 8, 2021
What is the NIST Cybersecurity Framework? The NIST Cybersecurity Framework is a set of policies meant to help the private sector strengthen its cybersecurity readiness and awareness. The framework is published by the National Institute of Standards and Technology…