skip to Main Content

Topic: Researcher Resources

Tips from Top Hackers – How to fit bounties into your schedule and maximize payouts

In our recently published report on the bug hunting community, we asked all kinds of bug hunters what motivates them to participate in bug bounties, and how they decide what programs to participate in. Amongst several of the groups identified in the report, time was a huge factor. With a full-time job, family and a social life, how does one fit bug bounty hunting into their busy schedule?

Read More

Q4 Researcher Promotion: Thick Client Targets

As the bug bounty space has matured, the range of targets to test against has expanded and diversified incredibly. Our programs offer a broad range of targets, from web and mobile, to APIs and IoT devices (even cars)! Over the last several months, Bugcrowd has launched more and more bounty programs that feature thick client applications.

Whether you have skills in testing thick client software, or want to expand your expertise, Bugcrowd has several public programs and numerous private programs available for you to hack on for fun and profit. This quarter we’re running a limited time promotion for all submissions found in thick client applications.  

Read More

How and When to Effectively Escalate a Submission

We take the security research community seriously and appreciate the valuable time spent participating in Bugcrowd programs. Each submission is reviewed with the respect that it deserves, and we have a commitment to set researchers up for success as reports move through the review process. This entails understanding the submission review process, respecting bounty guidelines, and effectively communicating with program owners and the Bugcrowd Application Security Engineering (ASE) team.

Read More

Big Bugs | Episode 5: Big XSS–Not an Oxymoron

Over the past 10+ years, Cross-Site Scripting has made its way into just about every ‘top-ten vulnerability’ list and has consistently starred in headlines and POCs. XSS vulnerabilities are also commonly submitted through bug bounty programs, and many write them off as ‘low hanging fruit.’ We’re here to tell you that not all XSS are created equal.

This episode of Big Bugs examines the reason we’re experiencing XSS-Fatigue, some examples of high impact XSS bugs found in the wild, and resources for defenders and offenders.

Read More

Calling all Mobile Researchers!

Over the last year Bugcrowd has seen a dramatic increase in the number of bounty programs that feature mobile app (iOS and Android) targets.  Whether you have mobile skills or just want to expand from web app to mobile app bug hunting, Bugcrowd has several public programs and numerous private programs available for you to hack on for fun and profit. We want you! Which is why we’re running a limited time contest for all mobile vulns.

Read More

Finding An InfoSec Job

A lot of organizations out there are looking talented hackers right now. Defense, offense, Ops, Dev, you name it, if you have skills then someone is probably looking for you! The problem doesn’t seem to be the *need* but a concise way to finding/getting these positions. Here are a few notes and resources we love for helping connect awesome researchers with awesome companies (it’s kinda a thing we do here).

Read More

Adventures in Reverse Engineering

One thing we like to highlight at Bugcrowd is creating lasting positive relationships between clients and talented researchers. Today one of our crowd, Duarte Silva, released some of his work on reverse engineering Aruba Networks ArubaOS Firmware package. Some time…

Read More
Learn More About The Day in The Life of a Pen Tester ( Episode 4 )Register Now
+
Back To Top