***This post was written by a Bugcrowd tester, who would like to remain anonymous*** People aren’t concerned with security breaches until it directly affects their lives. I was curious what my non-security friends thought about the recent breaches, so I posted…
Osanda Malith wrote up this clever article on how he bypassed 3rd-degree profiles on LinkedIn. Learn more about Osanda and the exploit below. Check our his profile: https://bugcrowd.com/Osanda_Malith/ Blog: http://osandamalith.wordpress.com/ Twitter: @OsandaMalith I was in the middle of submitting an assignment to my…
Bugcrowd decided early on to still incentivise duplicates with Bugcrowd Kudos points to turn duplicates into something which still add value to a bug bounty hunter. Duplicates are a necessary aspect of bug bounty programs, but they can be a…
Check our his profile here: https://bugcrowd.com/pwndizzle Blog: http://pwndizzle.blogspot.com Twitter: @pwndizzle Introduction A while back Bugcrowd started a bounty for the main Bugcrowd site. While flicking through the site looking for issues I noticed they were using a pretty basic CAPTCHA. In certain sections…
Our success relies on the efforts of our expert ninja bughunters, and we like to profile them in order to get some tips, trick and cool stories. Today’s profile is on Manish Bhattacharya Check out his Bugcrowd profile here : https://bugcrowd.com/introvertmac…
Our success relies on the efforts of our expert ninja bughunters, and we like to profile them in order to get some tips, trick and cool stories. Today’s profile is on Osanda Malith Jayathissa Check out his Bugcrowd profile here…
BY PAMELA O'SHEA, POSHEA [AT] RANDOMKEYSTROKES.COM When performing a penetration test of an application, tests against the authentication mechanism are always an important check. While a standard authentication mechanism may be used, it can often be implemented incorrectly or misunderstood.…
