Keep track of the latest security news, and stay in touch with the bounty community.

Finding An InfoSec Job

A lot of organizations out there are looking for talented hackers right now. Defense, offense, Ops, Dev, you name it, if you have skills then someone is probably looking for you! The problem doesn’t seem to be the *need* but a concise way of finding/getting these positions. Here are a few notes and resources we love

Earn Rewards up to $1000 for LastPass Vulnerabilities

LastPass is further deepening their commitment to application security and adding cash rewards up to $1,000 for the LastPass bounty program! As of 1600 GMT today, LastPass is now offering cash rewards from $50 to $1,000 for valid first-to-find vulnerabilities submitted through their Bugcrowd bounty program. LastPass is a web and mobile password manager

Come to the Bugcrowd AMA Lounge at Defcon!

Several weeks ago I blogged about a VIP Crowd party we are holding for researchers at Defcon, and said there would be many announcements to follow…

Advice From A Researcher: How To Approach A Target

Editor’s Note: Today I’d like to introduce you to Bugcrowd member Anshuman Bhartiya (anshuman_bh). As an information security professional as well as bug bounty researcher, Anshuman has helped improve the security of many organizations. He has submitted several P1 & P2 bugs leading to his high standing within the programs he is involved in. As an active

Top 3 Mobile App Security Threats + How to Test for Them

Mobile devices are relatively new to the connected world, yet the issues surrounding mobile app security have proven much more complex than those around web applications when it comes to threat modeling. With mobile, it’s not just about code running on devices, but depends heavily on device security – taking into account different versions, interfaces, platforms, and

How I Got Into Security: Duarte Silva

Editor’s Note: Bugcrowd community researcher Duarte Silva shares the story behind how he started working in information security. Duarte is one of Bugcrowd’s top researchers; you can follow him on Twitter at @serializingme.

June 2015 Hall Of Fame

It is time for the June 2015 Hall of Fame, and this month was a close race for the top 3 spots with just 2 points between 2nd and 3rd place. To thank these individuals for their hard work, Bugcrowd is pleased to announce the following researchers will receive June 2015 performance bonuses

Advice From A Researcher: Hunting XXE For Fun and Profit

About the Author: Ben Sadeghipour has been participating in bug bounty programs since February of 2014. After his first few bugs, he came to realize that bug bounties are a great way to learn more about web application security as well as make some extra money while going to school – computer science major. Currently Ben is

Traditional & Flex Bounty Models: Re-Introduction

We’ve proved here at Bugcrowd that traditional security assessments pale in comparison to leveraging a community of researchers. Today we want to talk about the options and benefits of our programs for both researchers and clients.

Burp Suite Tutorial: 1

As promised in our previous blog, Jason Haddix, Director of Technical Operations, is doing an unedited series on using Burp Suite, a very useful tool when searching for Bug Bounties. This video is the first in a month-long series. If you have any questions about the tutorial or need help, join us on the