By Bugcrowd Researcher Success Jul 8, 2015 How I Got Into Security: Duarte Silva Editor’s Note: Bugcrowd community researcher, Duarte Silva, shares the story behind how he started working in information security. Duarte is one of Bugcrowd’s top researchers; you can follow him on Twitter at @serializingme. Read More
By Bugcrowd Jul 3, 2015 Advice From A Researcher: Hunting XXE For Fun and Profit About the Author: Ben Sadeghipour has been participating in bug bounty programs since February of 2014. After his first few bugs, he came to realize that bug bounties are a great way to learn more about web application security as well as make some extra money while going to school – computer science major. Currently Ben is an intern at Bugcrowd and continues to do bug bounty research. You can see more of his work on nahamsec.com. Read More
By Bugcrowd Researcher Success Feb 4, 2015 Guest Blog: Validating Bugs to Improve Success by Archita “This is not a girl's cup of tea. Are you crazy?” These are the lines I heard when I showed interest in bug bounty for the first time. Hacking, bug bounty... I never dreamt of it as I did not… Read More
By Bugcrowd Researcher Success Feb 4, 2015 Guest Blog: Best Practices for Quality Bug Hunting by SatishB3 Best Practices for Quality Bug Hunting As bounty programs offer rewards on a first come first serve basis, bug hunters always seem to be in a hurry to unearth the findings as soon as they can. But before participating in… Read More
By Bugcrowd Researcher Success Jan 23, 2015 Guest Blog: How to Kick Start in Bug Bounty by worldwideweb It took me a day to pen down this post as I’m atrocious in penmanship. Anyhow I do not want to ebb your time by expounding what an atrocious writer I am. I have penned down my experience with… Read More
By Bugcrowd Researcher Success Jan 21, 2015 Guest Blog: httpscreenshot – A Tool for Both Teams Shmoocon is one of those few security conferences that has been around for quite some time, each year selling out of tickets in record timing, and only allowing those with the quickest mouse clicks to obtain them. Luckily for Steve Breen… Read More
By Bugcrowd Researcher Success Jan 12, 2015 Guest Blog: Writing Up a POC by Planet Zuda Republished with permission from: http://planetzuda.com/2014/12/29/how-to-write-a-good-proof-of-concept-for-security-holes/ How To Write a Proof Of Concept For Security Holes December 29, 2014 by Planet Zuda We find security bugs all the time and have to write proof of concepts. Unfortunately, we struggled with being able to… Read More
By Bugcrowd Researcher Success Jan 7, 2015 Guest Blog: Geekspeed’s Advice for Writing a Great Vulnerability Report by: John Stauffacher No lie, it took me eight nine tries to write this blog post. I offered to write a guest post about communicating vulnerabilities effectively to customers in December, but then faced writer’s block. I’m a professional security consultant and… Read More
By Casey Ellis Jan 21, 2014 Guest Post: Bypassing 3rd-degree profiles in LinkedIn by Osanda Malith Osanda Malith wrote up this clever article on how he bypassed 3rd-degree profiles on LinkedIn. Learn more about Osanda and the exploit below. Check out his profile: https://bugcrowd.com/Osanda_Malith/ Blog: http://osandamalith.wordpress.com/ Twitter: @OsandaMalith I was in the middle of submitting an assignment to my… Read More
By Casey Ellis Dec 4, 2013 Guest Blog: Breaking Bugcrowd’s Captcha by Pwndizzle Check out his profile here: https://bugcrowd.com/pwndizzle Blog: http://pwndizzle.blogspot.com Twitter: @pwndizzle Introduction A while back Bugcrowd started a bounty for the main Bugcrowd site. While flicking through the site looking for issues I noticed they were using a pretty basic CAPTCHA. In certain sections… Read More