Home / Companies / Bugcrowd / Blog / April 2016

April 2016 Summaries

8 posts from Bugcrowd

Filter
Month: Year:
Post Summaries Back to Blog
Today we released our first episode of our new podcast series ‘Big Bugs’ hosted by me. Our first episode, embedded in this post and available on SoundCloud, provides an introduction to the car hacking space. I discussed successful attacks and research from past years, including technical resources for testing and development. The episode also includes case studies such as Tesla Research, Samy Kamkar's Ownstar, Troy Hunt and Scott Helme's Leaf App research, Charlie Miller and Chris Valasek's 2016 Research, OWASP Internet of Things Project, IAmTheCalvary's Five-Star Automotive Cyber Safety Framework, the 2016 version of the car hackers handbook, and Tesla's Open Bug Bounty. Viewers can continue the discussion on our forum or subscribe to receive monthly episodes.
Apr 29, 2016 145 words in the original blog post.
Bugcrowd has seen a significant increase in mobile app vulnerability targets over the last year, offering various public and private programs for mobile app bug hunting. A limited-time contest is being run from April 1st to June 30th, where every valid and non-duplicate mobile vulnerability submission will be entered into a raffle to win $1000, with additional entries awarded for each valid submission. Participants can get started by emailing Bugcrowd's support team, specifying their interest in testing Android, iOS, or other platforms, and may qualify for private mobile testing program invitations upon submitting valid vulnerabilities.
Apr 28, 2016 241 words in the original blog post.
Skyscanner's IT security function, known as the Security Squad, was looking to expand its testing methods beyond standard penetration testing. The company began exploring crowd-sourced testing mechanisms in 2015 and initially faced some challenges before launching a successful bug bounty program with Bugcrowd. The two-week Flex scheme resulted in over 140 bugs being found by skilled researchers from around the globe, with 43 of those bugs being prioritized for immediate investigation. The program provided valuable information to Skyscanner's Engineering squads, including replication steps and attack strings, allowing them to quickly fix bugs and improve the company's product security. With a positive reaction across the business, Skyscanner plans to double its efforts in bug bounty schemes in 2016 and incorporate them into its overall testing strategy, complementing penetration testing with a mature testing approach.
Apr 27, 2016 528 words in the original blog post.
The traditional approach to security ROI is flawed because the value of security solutions decays over time, making it difficult to measure their effectiveness. Modern security professionals face a constantly evolving threat landscape and lack the resources to continually reinforce and reinstate traditional security solutions. To address this issue, companies are adopting modern security solutions like Next Generation Web Application Firewalls (NGWAFs) that deliver continuous return while building additional value. NGWAFs provide attack visibility, enabling companies to answer fundamental questions about attacks in their applications, such as what, where, and if they were successful. Bug bounty programs also provide a way to measure ROI by rewarding researchers strictly based on real, valid, and actionable bugs, delivering continuous security testing and confidence. By combining NGWAFs with bug bounty programs, companies can leverage continuous assessment against continuous defense, resulting in significant attack telemetry and improved prioritization of processes and resource spend.
Apr 22, 2016 1,200 words in the original blog post.
Today is a great day for hackers, defenders, Bugcrowd as a company, and for Aussie founders with a dream to execute on the world stage. We’re very proud to have Blackbird Ventures, the same firm that pioneered the Startmate incubator where Bugcrowd began, taking the lead on our $15M Series B alongside existing investors Rally, Costanoa and Paladin. We’re just as pleased to welcome Salesforce Ventures and Industry Ventures to the family. In 2012, we set out to create a radical cybersecurity advantage, level the playing field between attackers and defenders. As we’ve evolved, this goal has converged with the growth of the bug bounty economy, and we’ve successfully connected the largest crowd of hackers on the planet with the strongest companies in their respective fields. This round of funding is a milestone that validates Bugcrowd’s disruptive approach, which will be used to drive deeper into the market. The company plans to focus on growth, quality, partnering with existing players, and predicting future trends through investments in engineering and R&D. They view bug bounties as a catalyst to disrupt traditional competitive strategies, and are committed to making the Internet a safer place through their work. With this funding, Bugcrowd is poised for further expansion and innovation, aiming to capitalize on the growing demand for cybersecurity solutions.
Apr 20, 2016 429 words in the original blog post.
Nicodemo Gawronski is a renowned penetration tester and Bugcrowd bounty hunter with an impressive track record, holding the 8th spot on Bugcrowd's all-time leaderboard. He has been actively involved in bug bounty programs since mid-2014 and has worked as a Penetration Tester at Sec-1 in the UK. Gawronski attributes his success to continuous learning, focusing on critical vulnerabilities that provide a challenge rather than easy rewards. He emphasizes the importance of reading, applying knowledge, participating in bug bounty programs, asking questions, and collaborating with others. With an acceptance rate of 99.11% and an average priority of 3.09, Gawronski's dedication to his craft has earned him recognition within the security community.
Apr 15, 2016 1,201 words in the original blog post.
Bugcrowd has recognized its top performers from March 2016, with mongo taking the top spot due to his consistent P1 and P2 submissions. The platform is pleased to award bonuses to researchers who have demonstrated exceptional performance, including mongo, blum, and Harie_cool. High-severity bugs that pose significant security risks can earn substantial rewards, as well as potentially expedite invitations to private bounty programs. Bugcrowd's Hall of Fame winners are recognized for their contributions to the platform, and the community is encouraged to strive for similar success in the upcoming month.
Apr 04, 2016 224 words in the original blog post.
At the beginning of the year, we made a decision to put some stakes in the ground by discussing the bug bounty space and its often-overlooked aspects. We aimed to encourage more companies to engage with white-hat hackers, improve communication between them, and increase the quality and volume of submissions. To achieve these goals, we released new tools, including a market rate for bugs based on priority and security maturity, and promoted clear communication and expectation setting between hackers and companies. By taking the lead in this space, Bugcrowd is advocating for and supporting the collaboration between companies and white-hat hackers to create confidence in the face of a hostile internet.
Apr 01, 2016 417 words in the original blog post.