skip to Main Content
This website use cookies which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. To learn more or withdraw consent please click on Learn More. By continued use of this website you are consenting to our use of cookies.

OWASP’s Open Source Bug Bounty Launch

A few weeks ago we launched a very exciting program, and now that it’s well underway, wanted to give a huge shout out to the awesome organization making it happen. The Open Web Application Security Project (OWASP) is not only the authority on most things application security but a phenomenal open source organization that is constantly trying new things, evolving and innovating the application security landscape.

Read More

Bugcrowd’s 2nd Annual State of Bug Bounty Report – A Note from the CEO

sobb-2016-preview-040412-edited.jpgBugcrowd has always held education and sharing as a core value, which is why I’m very pleased to announce the release of our second annual State of Bug Bounty Report.

This 22-page document gives the reader an up-close and personal look at the evolving dynamics of the bug bounty market, and deeper insight into the early stages of the “unlikely romance” blossoming between hackers and organizations. Read the full report

Read More

May 2016 Leaderboard

Bugcrowd is excited to announce our May 2016 Hall of Fame winners!  Big recognition goes to mert, who topped the May leaderboard with an astouding 786 points earned through multiple last minute P1 and P2 submissions.  To thank our top performers for their hard work, Bugcrowd is pleased to announce that the following three researchers will receive bonuses for their performance.

Read More

Podcast – An Inside Look at the Crowd with Frans Rosen & Sam Houston

For me, one of the most enjoyable aspects of the security industry is the security community. The relationships I’ve been fortunate enough to build over the past couple of years have made this job very rewarding and of course, a ton of fun. I recently had the chance to record a podcast discussion with Frans Rosen, founder of Detectify and active bug bounty hunter to discuss our experiences in the security community:

Read More

Big Bugs Podcast Episode 2: ImageTragick Up Close

This morning we released the second episode of our new podcast series ‘Big Bugs’ hosted by me. This episode, embedded in this post and available on SoundCloud, takes a look at the recently popularized bug, ImageTragick. I discuss the detection and remediation time line of the widespread bug in the image processing suite, ImageMagic, as well as the implications it has for developers and researchers.

Read More

Discovering Subdomains

When coming across a *.target.com scope, it’s always a good idea to seek the road less travelled. Exotic and forgotten applications running on strangely named subdomains will quickly lead to uncovering critical vulnerabilities and often high payouts. Discovering such subdomains is a critical skill for today’s bug hunter and choosing the right techniques and tools is paramount.

Read More

Researcher Spotlight – Fuzzybear

Fuzzybear is #43 on the community leaderboard, with a 100% acceptance rate and an average bug priority of 2.55. In the short time he’s been on Bugcrowd and in bug bounties he has done quite well, successfully finding 65 bugs on Bugcrowd bug bounties, most of which was through private bug bounty programs. He also has one of my favorite usernames in the community!

Read below for our interview with Fuzzybear, where he shares some great practical advice for researchers.

Read More
Back To Top