Throughout October, November and December 2016, we challenged our crowd to submit bugs against some challenging targets–thick client applications. Previously we announced our October and November winners and today we’re excited to announce our two final two winners:
Posts by Chloe Brown
Throughout October, November and December 2016, we’ve challenged our crowd to submit bugs against some challenging targets–thick client applications. Learn more about the competition here.
As the bug bounty space has matured, the range of targets to test against has expanded and diversified incredibly. Our programs offer a broad range of targets, from web and mobile, to APIs and IoT devices (even cars)! Over the last several months, Bugcrowd has launched more and more bounty programs that feature thick client applications.
Whether you have skills in testing thick client software, or want to expand your expertise, Bugcrowd has several public programs and numerous private programs available for you to hack on for fun and profit. This quarter we’re running a limited time promotion for all submissions found in thick client applications.
We take the security research community seriously and appreciate the valuable time spent participating in Bugcrowd programs. Each submission is reviewed with the respect that it deserves, and we have a commitment to set researchers up for success as reports move through the review process. This entails understanding the submission review process, respecting bounty guidelines, and effectively communicating with program owners and the Bugcrowd Application Security Engineering (ASE) team.
In April we announced a Mobile bonus reward program for researchers that submitted valid, non-duplicate mobile vulnerabilities for a chance to win $1000, and in early June we expanded the program to two bonuses. We are excited to announce our two winners, and congratulate putsi and robinooklay for their mobile submissions!
Over the last year Bugcrowd has seen a dramatic increase in the number of bounty programs that feature mobile app (iOS and Android) targets. Whether you have mobile skills or just want to expand from web app to mobile app bug hunting, Bugcrowd has several public programs and numerous private programs available for you to hack on for fun and profit. We want you! Which is why we’re running a limited time contest for all mobile vulns.
Editor’s Note: Today I’d like to introduce you to Bugcrowd member Anshuman Bhartiya (anshuman_bh). As an information security professional as well as bug bounty researcher, Anshuman has helped improve the security of many organizations. He has submitted several P1 & P2 bugs leading to his high standing within the programs he is involved in. As an active member on our Bugcrowd forum he also contributes to the bug bounty researcher community. This blog is from one of his responses on the forum that he has allowed us to post here. We are thrilled to share his thoughts and experience on how to successfully approach a target. Thanks!