Instructure has leveled up its security practices yet again – we’re now proud to announce the launch of their private bug bounty program. Instructure is the company behind Canvas, an open-source learning management system that is not only revolutionizing the way we educate, but progressing security standards as well. The company first engaged Bugcrowd in a Read article →
Since 2011, Instructure has proactively publicized the results of their annual penetration test reports to provide transparency around the security of their learning management system. From 2011 to 2013, these pen tests discovered an average of 7.6 valid vulnerabilities each year. For its most recent annual penetration test, Instructure engaged Bugcrowd in a private Flex program, Read article →
[Today I’d like to introduce you to Bugcrowd member Satish Bommisetty. An author and professional security researcher, Satish has helped improve the application security of dozens of companies by reporting over 170 valid vulnerabilities through Bugcrowd. We are honored to share his thoughts on how bounty hunters can deliver high quality professional results and create a respectful security research community. These are things that Read article →
[Bugcrowd is a proud sponsor of Nullcon 2015, which is less than a week away! While we are putting the finishing touches on our Bug Bash event, we want to introduce you to another of our outstanding Crowd members in India that will be on the ground helping all the Nullcon Bug Bash participants to have a Read article →
Bugcrowd is a proud sponsor of Nullcon 2015 which is rapidly approaching! We’re working with some of the best researchers from the Bugcrowd community to host a Bug Bash at Nullcon on February 7th. Meet and learn from some of the best researchers in the world, and compete to rise to the top of the Bug Read article →
[Bugcrowd is a proud sponsor of Nullcon 2015, which is rapidly approaching! While we are hard at work preparing to host an awesome Bug Bash event, we want to introduce you to a few of our outstanding Crowd members in India that will be on the ground helping all the Nullcon Bug Bash participants to Read article →
[The Shmoocon presentations I recommended last week did not disappoint, and I’m excited to have the opportunity to share some of the great research I saw there with Bugcrowd customers and Crowd members. This tool released by Justin Kennedy and Steve Breen can be used by both Red Teams and Blue Teams. Enjoy! ~Kymberlee] Guest Blog: httpscreenshot – Read article →
Ready to do some bounty hunting? Great! Whether this is your 1st time or your 500th, the first thing to do when you sit down to the computer is read the Bounty Brief. Maybe you’ve read the Bounty Brief for the program before, or you just want to get down to hacking… but always be sure you read Read article →
Every year, with rare exception, I make the trip to Washington DC for Shmoocon. Now in its 11th year, this conference is one of my very favorites. Not only are the talks fantastic, but the community is amazing. There are so many activities that go on throughout the conference! Whether it is Fire Talks, Read article →
Recently Geekspeed discussed the importance of well written repro steps when he shared his tips on writing a great vulnerability submission. Digging deeper into that, I’d like to reference a great blogpost by Planet Zuda on Writing a Proof of Concept For Security Holes. ~Kymberlee Republished with permission from: http://planetzuda.com/2014/12/29/how-to-write-a-good-proof-of-concept-for-security-holes/ How To Write a Proof Of Read article →