October 2017 Summaries
6 posts from Bugcrowd
Filter
Month:
Year:
Post Summaries
Back to Blog
The Car Hacking Village CTF, hosted at DEF CON 25, utilized Zappa to deploy Flask-based CTFd on AWS Lambda and API Gateway, resulting in significant cost savings. The deployment was a last-minute idea conceived before the event, but research on less frequently used AWS technologies saved time. Despite initial testing and prior experience with CTFd, the team encountered a bug related to storing IP addresses as integers in a Postgres RDS instance, causing intermittent 500 responses. A test migration to change the column type resolved the issue, allowing the CTF to continue without further hiccups. The deployment handled a large volume of vulnerability scanner traffic and provided valuable learnings for future work.
Oct 30, 2017
679 words in the original blog post.
The new version of Qualys Web Application Scanning, WAS 5.7, integrates with Bugcrowd to enable centralized viewing and triaging of automated vulnerability detections and submitted vulnerabilities from security researchers. This integration allows customers running bug bounty programs via Bugcrowd to import unique vulnerabilities into Qualys WAS, streamlining data management and sharing. By combining vulnerability data from bug bounty programs and automated scans, joint customers can reduce costs and create custom permission sets for efficient data sharing. The updated interface also features a centralized Detections tab and clear labeling of findings as Qualys, Bugcrowd, or Burp.
Oct 18, 2017
235 words in the original blog post.
The Bugcrowd Platform has been updated to map Vulnerability Rating Taxonomy (VRT) to Common Vulnerability Scoring System (CVSS) v3, allowing organizations to manage submission severity with CVSS v3. This update enables customers to rate issues with CVSS v3 and adds a mapping to VRT, aligning the two scoring models. The update provides a suggested priority rating based on VRT, which can be manually adjusted by setting a CVSS v3 score using a calculator. The Vulnerability Rating Taxonomy is a living document that constantly evolves to provide a baseline priority rating system within the platform.
Oct 10, 2017
414 words in the original blog post.
Bugcrowd has announced its September 2017 Hall of Fame winners, recognizing top performers yappare, mongo, and todayisnew for their exceptional bug bounty contributions. The top three researchers earned significant bonuses for their hard work, with yappare receiving $2,500, followed by mongo at $1,500 and todayisnew at $1,000. To excel in the Bugcrowd platform, researchers must prioritize high-severity bugs that pose critical security risks, such as remote code execution or elevation of privilege, which can earn substantial kudos points. By submitting these types of bugs, researchers not only receive bigger rewards but also increase their chances of being invited to private bounty programs.
Oct 09, 2017
230 words in the original blog post.
NETGEAR has fixed 50 vulnerabilities in its routers, switches, and NAS devices through its bug bounty program, with the company working closely with Bugcrowd to identify potential security issues and release fixes in bulk. This is not the first time NETGEAR has disclosed vulnerabilities discovered through its bug bounty program, following earlier this year's identification of a password bypass bug in hundreds of thousands of routers. The company's proactive approach to security is seen as a trend, with responsible disclosure being about building comprehensive security programs and effectively identifying vulnerabilities. NETGEAR's bug bounty program has been successful, with the company seeing significant growth and adoption across industries, including a 77% increase in participants this year. The platform brings together art and science to deliver compelling results for customers, with a team of application security engineers working to provide accurate insights from submissions and ensuring real, actionable results are delivered.
Oct 06, 2017
804 words in the original blog post.
The Bugcrowd Researcher Council is a unique program that brings together a group of recognized Researchers to provide feedback and shape the overall Bugcrowd Researcher experience. The council members, who serve for six months, are handpicked by the Researcher Success team based on their platform activity, demographics, and communication with Bugcrowd staff. Through this program, researchers have direct input on upcoming platform designs and improvements, including tokenized search and the Researcher Dashboard. The council has provided a valuable feedback loop, helping Bugcrowd make informed decisions as it develops its product roadmap. By leveraging the collective knowledge of its members, Bugcrowd aims to build a better platform that benefits both researchers and the community at large.
Oct 05, 2017
624 words in the original blog post.