Do you know your way around e-commerce flows? Do you have experience with creative exploitation of vulnerabilities? Then we have the perfect program for you. Skyscanner, an online travel marketplace, is looking for you!
About the Program
Skyscanner’s bug bounty program covers both of its mobile apps, the majority of its website, and all of its subdomains. Some of the key areas researchers should focus on are:
- Booking platform
- User account profile
- Partner Portal
- Mobile apps (iOS, Android)
This program is different from others as it pays higher rewards for findings in its focus areas for all submissions, regardless of priority rating. There is also a wide scope (now covering all of its subdomains) and researchers are encouraged to do reconnaissance of Skyscanner’s whole platform.
This is an attractive program for anyone who:
- Has skills in e-commerce flows
- Is creative with the exploitation of flows
- Can demonstrate a clear impact – Skyscanner wants to know quickly how serious an issue is under initial review.
There is particular interest in high-impact business logic vulnerabilities.
Looking at the world we are in today and the level of uncertainty we face, now is the time to get started enhancing your skills, and Skyscanner’s program is a great opportunity to do so. This program offers monetary rewards for the first submitted report of a vulnerability. So if you are looking to enhance your skills and make a few extra dollars, this program is great for you!
Want to learn more about the program or would like to participate? Go here.
Interested in learning more about e-commerce flows or improving your skills? Check out some additional resources below:
- PortSwigger’s Web Security Academy: https://portswigger.net/web-security
- Cyber Mentor’s video course on Web Application Hacking: https://www.youtube.com/watch?v=24fHLWXGS-M
- OWASP’s Mobile Security Guide: https://owasp.org/www-project-mobile-security-testing-guide/
- OWASP’s Ecommerce edition: https://owasp.org/www-community/attacks/Cornucopia_-_Ecommerce_Website_Edition_-_Wiki_Deck