Last month, we wrote an introductory overview of our experience running the second annual Car Hacking Village CTF infrastructure at DEF CON 25. Most notably, our use of Zappa to deploy Flask-based CTFd on AWS Lambda and API Gateway resulted in a $1.50 bill for the entire month of July (excluding database instances), while providing a number of operational advantages over last year’s traditional infrastructure.
Topic: Researcher Resources
In celebration of its upcoming one-year anniversary, we are thrilled to formally announce the Bugcrowd Researcher Council. The Council began as a pilot program in November of 2016, when Bugcrowd’s Researcher Success Team identified 5 Researchers to invite to a special kind of pilot feedback program; since then, the program has grown 200% and the Council members have given their valuable feedback on a variety of implemented improvements, including the Researcher Dashboard and the current ongoing improvements to tokenized search.
For the last two quarters, we’ve challenged our crowd to report vulnerabilities against the toughest targets our programs have to offer: thick client applications. Bounties that fall into this category include Avira (client software), AVG Technologies (client-side application), OWASP ZAP (desktop application) and several private programs.
Learn more about the promotion here.
This is the fifth post in our series: “Bug Bounty Hunter Methodology”. Read on to learn how you can use bug bounties to build and grow a successful penetration testing or bug hunting career. If you have any feedback, please tweet us at @Bugcrowd.
This is the third post in our series: “Bug Bounty Hunter Methodology”. Today’s post is a guest post from ZephrFish, whom you can follow on Twitter at @ZephrFish. Read on to learn how to use notes and session tracking to make your bug bounty hunting more successful. If you have any feedback, please tweet us at @Bugcrowd.
This is the second post in our new series: “Bug Bounty Hunter Methodology”. Today we explore bounty scopes, disclosure terms & rules, and how those guide you in your hacking. If you have any feedback, please tweet us at @Bugcrowd.