Find out how Kenna Security garners more value from Bugcrowd than with other firms and tools.
Learn how Bugcrowd’s Next Gen Pen Test Enables Movember to Secure its Data Before its Busy Period. Since 2003, Movember has raised awareness and funds for men’s health. In 2018 alone, the organization raised $87 million AUD. With more than 5 million Mo Bros and Mo Sistas around the world participating in this effort, the
A comprehensive overview of Bugcrowd’s security researcher community, the motivations for bug hunting and the economics of whitehat hacking.
Learn how Outreach.io streamlines vulnerability data communication using Bugcrowd’s bi-directional Jira integration.
Penetration testing has become a best practice for vulnerability assessment over the past couple of decades. But in recent years it has come into question, as data breaches continue to hit organizations with extensive penetration testing programs.
Organizations spend millions of dollars a year on compulsory pen tests without ever seeing any value. In fact, research shows that 84% of security leaders are not satisfied with their current pen test efforts and less than 20% have integrated pen test findings into their software development process.
Learn about how Bugcrowd's Next Gen Pen Testing Enables Movember to Secure Data and Focus on Fixing Bugs
Sean Martin asked Jason Haddix, VP of trust and security at Bugcrowd, what recommendations he has for researchers who have not yet made their way to Hacker Summer Camp in Las Vegas. Tip number one: plan/scope ahead of time what you’d like to see. Listen to the recording
In this edition of the Risky Business Soap Box podcast we chat with the founder and CEO of Bugcrowd, Casey Ellis, about the establishment of the bug bounty market and how things have shaped up. We also look at where it’s going.
In this week’s episode (#112): top bug hunters can earn more than $1 million a year from “bounties” paid for information on exploitable software holes in common platforms and applications. What does it take to be among the best? We talk with Jason Haddix of the firm Bugcrowd to find out. Also: The Internet Society’s Jeff Wilbur talks about the new #GetIoTSmart campaign to educate device makers and the public about Internet of Things security.
Learn how program management brings ROI to your bug bounty program, the requirements for a bug bounty program, and how Invision went from a competitive self-managed program to a Bugcrowd Managed Program.
Invision’s VP of Information Security, Johnathan Hunt and Bugcrowd’s CSO David Baker discuss the value of bug bounty program management.
Managed bug bounty and vulnerability disclosure programs provide security teams with the ability to level the playing field by strengthening product security as well as building stronger ties with the security researcher community.
Download this guide to learn the ins and outs of crowdsourced security, managed bug bounty, and vulnerability disclosure programs.
The unprecedented growth and adoption of connected devices have created innumerable threats for organizations, manufacturers, and consumers, while at the same time creating unprecedented opportunities for hackers. In this episode of Big Bugs, Jason Haddix joins Fitbit’s security team to explore what it takes to effectively hack connected devices through APIs, and how the role of
Watch this on-demand webinar featuring two of the first innovators in the crowdsourced security space, Bugcrowd founder and CTO Casey Ellis and Detectify co-founder Fredrik Nordberg Almroth, as they discuss why crowdsourced security matters, where the industry is heading, and what motivates the bug bounty hunter community.
In this podcast, I’m joined by a major contributor to the CTF scene, Kevin Chung who wrote the open source CTF framework, CTFd. At Bugcrowd we’re big fans of CTFd; last year we ran our own first internal Bugcrowd CTF with the help of CTFd, and it was a great experience. Later on, in the year, we utilized CTFd
I recently attended the world’s largest consumer technology show in the world: CES. It was my first time at the show and I was excited to not only see the latest gadgets, but also attend some of the sessions. Of course, as a hacker I couldn’t help but apply the “how to break in” filter to everything
This week’s Big Bugs podcast is near and dear to my heart, combining three of my favorite things: mobile hacking, gaming, and security in general. In this episode, I’ll start by giving a brief history of Niantic and Pokemon Go and review some of the few technical issues that the game has experienced. The bulk of this podcast will be focused
Over the past 10+ years, Cross-Site Scripting has made its way into just about every ‘top-ten vulnerability’ list and has consistently starred in headlines and POCs. XSS vulnerabilities are also commonly submitted through bug bounty programs, and many write them off as ‘low hanging fruit.’ We’re here to tell you that not all XSS are created
In this episode, I am joined by special guest Adam Hartway of Digital Safety (DiSa) to explore a $15K bug uncovered in their winner-takes-all bug bounty program.
This episode of Big Bugs takes a look at the recently popularized bug, ImageTragick. I discuss the detection and remediation timeline of the widespread bug in the image processing suite ImageMagick, as well as the implications it has for developers and researchers.
In this episode of Big Bugs, Jason Haddix provides an introduction to the car hacking space. With case studies of successful attacks and research from the past years, I also provide some technical resources for testing as well as technical resources for developers.
Watch this on-demand webinar and learn key tips for running a successful bug bounty platform.
Watch this on-demand webinar and learn how Bugcrowd’s Jira integration automatically streamlines vulnerability data into the development workflow for faster remediation.
Secure software development requires security pros to get comfortable with understanding and participating in the full software development lifecycle (SDLC). Learn how crowdsourcing makes it easy to integrate security into the SDLC.
Learn how Bugcrowd accelerates the remediation process and reduces risk through SDLC integration, patch validation, and secure code education.
Learn more about trends in crowdsourced security and take a deep dive into the most common and emerging vulnerabilities found over the past year in our 4th annual State of Bug Bounty Report.
Join our expert panel as we discuss the most common bugs of 2018, key findings from our 2018 State of Bug Bounty Report, what’s behind the trends, and the impact of vulnerabilities if exploited – Tuesday, June 26th @ 1PM (EDT)
Watch an on-demand webinar discussing the value of a Vulnerability Disclosure Program (VDP), why Motorola Mobility chose to add a VDP to its security regimen, and how a VDP can help customers evolve their crowdsourced security testing.
It’s hard to believe that last year saw more phishing scams, ransomware, and state-sponsored attacks than ever before. The number of data breaches and cyber-attacks is not slowing down any time soon. Clearly cybersecurity concerns are not going away. Security leaders are looking to find and invest in the best tools and approaches to combat
Follow the complete path of a bug bounty—from program strategy, setup and management, to bug submission, validation, and remediation. Register for one of our upcoming live demos of the Bugcrowd Platform.
From confusion about how bug bounties work to questioning their effectiveness (and everything in between) we dug into our data to investigate the 7 Biggest Bug Bounty Myths.
The VRT is a resource outlining Bugcrowd’s baseline priority rating, including certain edge cases, for vulnerabilities that we see often. Last updated March 2016.
Watch this on-demand webinar featuring Amit Elazari, doctoral law candidate, CLTC Grantee, UC Berkeley School of Law, and Casey Ellis, founder and CTO of Bugcrowd, as they discuss minimizing legal risks for hackers participating in crowdsourced security.
Learn why Aruba Networks commits to ongoing private bug bounty programs to deliver better device security.
Learn about the 6 questions to ask before implementing a vulnerability disclosure program.
Learn why crowdsourced security is a key element of any viable security architecture.
Bugcrowd connects Federal agencies to the largest database of trusted and experienced security experts. Learn more about crowdsourced cybersecurity for the Federal sector.
Learn how a fully managed bug bounty program helped Atlassian uncover vulnerabilities faster, freeing up more time to find anti-patterns and implement broad mitigations.
Venture deep inside the mind of a hacker with our 2nd annual report. Gain insight into the bug hunting community – who they are, what they do, and what motivates them to hack.
Learn why Instructure upgraded their traditional penetration testing with NGPT for its Annual Security Audit.
A vulnerability disclosure program (VDP) is the first step in helping protect your company from an attack or premature vulnerability release to the public. View on-demand webinar to learn about the 5 keys to understanding vulnerability disclosure prior to launch.
Uplevel your bug hunting skills with Bugcrowd University. Learn the basics of hacking and bug bounty hunting with videos, tutorials, labs, best practices and more on GitHub.
Welcome to Bugcrowd University! Join us for free and begin your journey to become a white hat hacker. Bugcrowd University was created to help you learn the basics of hacking and bug bounty hunting. Learn more here.
Welcome to Bugcrowd University – Introduction to Burp Suite! This Burp Suite guide will help you get your software set up and teach you a methodology that will lead you to success. Hacking tools are powerful, but it’s important you know how to properly use them to their full potential. Learn how to set up Burp proxies
Welcome to Bugcrowd University – Broken Access Control Testing. Defined by OWASP: “Access control, sometimes called authorization, is how a web application grants access to content and functions to some users and not others.” Learn more here.
Welcome to Bugcrowd University – Cross Site Scripting! XSS vulnerabilities are one of the most common bugs on the internet. This class of bug can be very powerful, especially when used with other vulnerabilities and techniques. Learn the history of XSS and what you can do with this vulnerability. Learn more here.
Learn the basics of bug hunting and how to create a good vulnerability submission from selecting the correct VRT category and using styling to write effective reports, to POCs and best practices. Learn more here.
Learn why and how the financial services industry is looking to bug bounty programs to strengthen their application security and protect customer data.
FCA US is the first full-line automaker to offer a paid public bug bounty program, leveraging Bugcrowd to enhance the safety and security of FCA US consumers, their vehicles and connected services with bounty payouts up to $1,500.
As a complex financial services organization, Western Union needs to fill any and all security gaps. Watch the video to learn how the crowd helps.
For obvious reasons, security vendors are held to a higher standard of product security.
“Efficiency and effectiveness of the crowd is really why we bring them on… Because we have the crowd involved in the vulnerability management program, it’s helped in expanding of our team for a fraction of the cost. Now my internal resources are better utilized.”
“Our bug bounty plays a key role in our product security program. It has helped us to define and shape this program. We are getting access to a large talent pool who are incentivized to test, find and report security vulnerabilities on our platform. This is a win-win situation for everyone.”
In this guide, you’ll learn what makes for a good bug bounty brief and a successful program, as well as how researchers and program owners can align their respective expectations and avoid ambiguity and miscommunication.
Traffic Control adds visibility, coverage and control to your crowdsourced security and vulnerability disclosure programs utilizing VPN technology.
NETGEAR's bug bounty program offers rewards up to $15,000 and is innovating the way device manufacturers approach security.
Listen to our CISO panel as they discuss protecting complex environments, overcoming resource shortages and achieving coverage at scale.
This comprehensive guide explores the top three ways bug bounties outperform penetration tests and deliver improved volume and quality of results.
After running a private bug bounty program, Intercom launched a public program to bolster their application security efforts.
Learn 3 core lessons learned from the Equifax data breach, and why many security leaders are implementing Vulnerability Disclosure as an additional layer to their security programs.
Backed by years of collected data, this guide answers how much you should budget for a crowdsourced security program and what you should set your reward range at to attract the right talent.
Bug bounty programs have disrupted the pen test norm, and provide organizations with a robust and all-encompassing security assessment solution. Learn why Instructure, the company behind Canvas Learning Management System (LMS), made the switch.
The Bugcrowd Code of Conduct outlines the expected behavior of all Bugcrowd community members participating in bug bounty and vulnerability disclosure programs.
Through our bug bounty program we have awarded over 300 submissions in the past year and a half, with payouts as high as $5,000 for the most severe bugs.
Bugcrowd sits down with security researchers Matthew Layton and Darkarnium to discuss bug hunting strategy and motivations.
Since 2013, (ISC)² has been both a customer and a partner of Bugcrowd, running a public bug bounty program and offering CPE credits to those maintaining their CISSP certification.
The Open Web Application Security Project (OWASP) utilizes Bugcrowd to run bounty programs on their open source security tools to add an extra layer of trust to tools used by hundreds of security teams.
Attention Researchers: So, as you may or may not know, Bugcrowd runs a large number of private programs that aren’t publicly visible. These private programs range from testing webapps, to APIs, to reverse engineering binaries/desktop apps, to network pentests, and even IoT devices! That said, sometimes these programs need some pretty specific skill sets that
How do you stack up? Check out the leaderboard for top researchers this month and for all time.
Stuart Hirst, IT Security Manager for Skyscanner, reveals why their security team turned to Bugcrowd's On-Demand bounty to improve the security of their code and allow them to further develop their ‘Hack Yourself First’ approach.
Top trends in crowdsourced cybersecurity.
Download the report to learn the most reported vulnerabilities, average payout amounts, and industry adoption trends.
Learn more about Digital Ocean's public bug bounty program and why they chose to engage with the crowd.
Join a CISO, an AppSec guru, and an IoT security expert to hear industry-leading perspectives on the trends that have emerged over the past year, and what to look forward to in the next.
Join the discussion and collaborate with other bug hunters in the Bugcrowd Researcher Forum.
Learn more about the Bugcrowd Researcher Council and how to submit a nomination.
Read through Bugcrowd’s standard terms that apply to all Bugcrowd disclosure programs and bug bounties.
Learn about the security job gap, and how Bugcrowd helps close that gap with crowdsourced security programs.
In this report we highlight a few specific bug hunters in the global Bugcrowd community, examine different motivations of different types of bug hunters and provide ‘action items’ for program owners to tap into different segments of researchers.
Bugcrowd’s second annual report shows the current state of the bug bounty ecosystem, with data from organizations running bug bounty programs and security researchers participating in them.
One stop shop for Android and iOS security resources for security and development teams.
This guide explores the current challenges within the application security landscape, why they’re hurting your SDLC, and how bug bounties can improve your security strategy.
Since 2013, Bugcrowd has maintained “The List” — a directory of public bug bounty and vulnerability disclosure programs. What started out as a crowdsourced blog post has evolved to become the de facto resource for people looking for bug bounty and vulnerability disclosure programs across the industry, ranked at the top of search engine results. This
With the launch of the weekly Researcher Spotlight, we will share stories from our global hacker community. This week we’re putting the Spotlight on a Cal Poly student studying Computer Science, Nicole Anderson-Au. When Nicole was very young, she loved to do logic puzzles, such as Sudoku and became passionate about investigating with clues and
Bugcrowd is excited to announce our December 2018 Hall of Fame winners and wrap up 2018! We hope everyone had a wonderful new year and are excited to share with you the exciting new incentive programs we will be rolling out for 2019 (more to come soon)! Now let’s get to it…here are our Hall of