By Ryan Black Oct 26, 2018Halloween Hacks and How to Avoid Them #SecOps Edition It’s almost Halloween — the one night of the year when witches, ghosts, and vampires roam the streets. And if you thought those were scary, think again. In our connected world, cyber threats and attacks are lurking all around us,… Read More
By Bugcrowd Researcher Success Sep 17, 2018Bugcrowd Badge Challenge Writeup A few weeks ago, we wrote about our learnings from designing and building a badge for the first time for DEF CON 26. One area we would like to rethink for next year is the approach to the badge challenge,… Read More
By Bugcrowd Researcher Success Aug 7, 2018Launching Bugcrowd University At Bugcrowd, we take great pride in the diversity of our community. We’re excited by the opportunity that we have every day to work with researchers of all backgrounds, interests, and skills. Today, we’re excited to launch our latest effort in… Read More
By Bugcrowd Researcher Success Apr 13, 2018Bugcrowd announces LevelUp 0x02, the virtual hacking conference Hi everyone! Bugcrowd is very excited to announce LevelUp 0x02, the free, online bug bounty hunter conference! On May 26, 2018, we will host the all-day conference featuring presentations from bug bounty hunters and penetration testers, sharing best practices, strategies,… Read More
By Bugcrowd Feb 13, 2018Researcher Documents Updates In order for Researchers to be successful, it is vital to clearly communicate expectations. We have refined verbiage in both the Bugcrowd Standard Disclosure Terms and the Bugcrowd Researcher Code of Conduct, and these changes are highlighted below: In the… Read More
By Bugcrowd Researcher Success Jan 5, 20182018 Predictions: It Takes a Crowd At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come. The response was overwhelmingly the same: more companies adopting bug bounties across company size and industry… Read More
By Bugcrowd Researcher Success Nov 9, 2017How-To: Find IDOR (Insecure Direct Object Reference) Vulnerabilities for large bounty rewards The following is a guest blog post from Mert & Evren, two talented researchers from Turkey. IDOR vulnerabilities are of the higher impact and higher paying vulnerabilities for web bug bounties. This article explores what IDORs are and how to find them. Read More
By Bugcrowd Researcher Success May 11, 2017Bugcrowd announces LevelUp virtual hacking conference Bugcrowd is putting on a conference for bug bounty hunters, but over the internet! On July 15th 2017, we will host an all-day conference with presentations from bug bounty hunters & penetration testers sharing their best practices, strategies, and research to help level-up their fellow bug hunters.Our goal for this conference is to create opportunities for researchers to learn and level-up their skills. We’re also working on ways that we can help researchers network and meet one another during the conference. Read More
By Bugcrowd Researcher Success Feb 28, 2017How to use Bug Bounties to Build Your Career – Bug Bounty Hunter Methodology This is the fifth post in our series: “Bug Bounty Hunter Methodology”. Read on to learn how you can use bug bounties to build and grow a successful penetration testing or bug hunting career. If you have any feedback, please tweet us at @Bugcrowd. Read More
By Bugcrowd Researcher Success Feb 8, 2017The Importance of Scope – Bug Bounty Hunter Methodology This is the second post in our new series: “Bug Bounty Hunter Methodology”. Today we explore bounty scopes, disclosure terms & rules, and how those guide you in your hacking. If you have any feedback, please tweet us at @Bugcrowd. Read More
