
Is the Heartbleed Exploit Out Yet?

In short, yes. A list of PoCs is provided below. If we're missing anything, let us know via Twitter @bugcrowd, and we'll add it to the list and credit you for helping out. Last update: 30 April 2014 6:07 PDT Unless…

When to Reward a Bug Bounty Submission

We’re regularly asked how Bugcrowd determines if a bug bounty submission is rewardable. Today, as we approach 10,000 submissions, and as part of Bugcrowd’s commitment to transparency, we’re shedding some light on our submission evaluation process. It's important to note…

Guest Blog: Breaking Bugcrowd’s Captcha by Pwndizzle

Check out his profile here: https://bugcrowd.com/pwndizzle Blog: http://pwndizzle.blogspot.com Twitter: @pwndizzle Introduction A while back Bugcrowd started a bounty for the main Bugcrowd site. While flicking through the site looking for issues I noticed they were using a pretty basic CAPTCHA. In certain sections…

Authentication Bypass

BY PAMELA O'SHEA, POSHEA [AT] RANDOMKEYSTROKES.COM When performing a penetration test of an application, tests against the authentication mechanism are always an important check. While a standard authentication mechanism may be used, it can often be implemented incorrectly or misunderstood.…
