Skyscanner has a culture of innovation and continuous improvement. For our IT security function, the ‘Security Squad’, it is no different. External security testing had previously taken the form of standard penetration testing, which brought considerable value and helped improve security posture. However, our Squad wanted to look at new ways of testing the products that we help secure on a daily basis. In early 2015, we began to investigate the possibility of a crowd-sourced testing mechanism.
The On-Demand Bug Bounty Program provided Skyscanner with 49 skilled researchers from around the globe. For two weeks, these researchers tested Skyscanner.net and followed a set of criteria set out by Skyscanner’s Security Squad.
Over 140 bugs were found; Bugcrowd reviewed them and triaged 43 for the Squad to investigate.
The 43 bugs were allocated a priority number, allowing Skyscanner to quickly determine which bugs needed to be fixed first. A considerable advantage of the scheme was the reporting aspect. Researchers would disclose not only the bug, but also the replication steps (some with videos and pictures showing how it was found), HTTP requests, attack strings and a plethora of other useful information. This gave our Engineering squads the information to replicate bugs quickly and fix them where necessary.
The reaction across the business was wholly positive and it has proven to significantly improve Skyscanner’s product security, engagement and response.