By Casey Ellis, Apr 8, 2014: Is the Heartbleed Exploit Out Yet? In short, yes. A list of POCs is provided below. If we're missing anything, let us know via Twitter @bugcrowd, and we'll add it to the list and credit you for helping out. Last update: 30 April 2014 6:07 PDT. Unless…

By Bugcrowd, Mar 20, 2014: When to Reward a Bug Bounty Submission. We’re regularly asked how Bugcrowd determines whether a bug bounty submission is rewardable. Today, as we approach 10,000 submissions, and as part of Bugcrowd’s commitment to transparency, we’re shedding some light on our submission evaluation process. It's important to note…

By Casey Ellis, Feb 11, 2014: Credit Card Reissues – When a Security Breach Actually Affects You. ***This post was written by a Bugcrowd tester, who would like to remain anonymous.*** People aren’t concerned with security breaches until one directly affects their lives. I was curious what my non-security friends thought about the recent breaches, so I posted…

By Casey Ellis, Jan 21, 2014: Guest Post: Bypassing 3rd-degree profiles in LinkedIn by Osanda Malith. Osanda Malith wrote up this clever article on how he bypassed 3rd-degree profiles on LinkedIn. Learn more about Osanda and the exploit below. Check out his profile: https://bugcrowd.com/Osanda_Malith/ Blog: http://osandamalith.wordpress.com/ Twitter: @OsandaMalith. I was in the middle of submitting an assignment to my…

By Casey Ellis, Dec 12, 2013: Three Ways to Avoid Duplicates in Bug Bounty Programs. Bugcrowd decided early on to still incentivise duplicates with Bugcrowd Kudos points, turning duplicates into something that still adds value for a bug bounty hunter. Duplicates are a necessary aspect of bug bounty programs, but they can be a…

By Casey Ellis, Dec 4, 2013: Guest Blog: Breaking Bugcrowd’s Captcha by Pwndizzle. Check out his profile here: https://bugcrowd.com/pwndizzle Blog: http://pwndizzle.blogspot.com Twitter: @pwndizzle. Introduction: A while back Bugcrowd started a bounty for the main Bugcrowd site. While flicking through the site looking for issues, I noticed they were using a pretty basic CAPTCHA. In certain sections…

By Casey Ellis, Oct 8, 2013: Meet the Bugcrowd – Bug Hunter Profile of Manish Bhattacharya (@umenmactech). Our success relies on the efforts of our expert ninja bug hunters, and we like to profile them in order to get some tips, tricks and cool stories. Today’s profile is on Manish Bhattacharya. Check out his Bugcrowd profile here: https://bugcrowd.com/introvertmac…

By Casey Ellis, Sep 22, 2013: Meet the Bugcrowd! Bug Hunter Profile of Osanda Malith Jayathissa (@OsandaMalith). Our success relies on the efforts of our expert ninja bug hunters, and we like to profile them in order to get some tips, tricks and cool stories. Today’s profile is on Osanda Malith Jayathissa. Check out his Bugcrowd profile here…

By Casey Ellis, Aug 19, 2013: Authentication Bypass, by Pamela O'Shea, poshea [at] randomkeystrokes.com. When performing a penetration test of an application, tests against the authentication mechanism are always an important check. While a standard authentication mechanism may be used, it can often be implemented incorrectly or misunderstood.…