Keep track of the latest security news, and in touch with the bounty community.

Instructure launches Private Bug Bounty Program

Instructure has leveled up its security practices yet again – we’re now proud to announce the launch of their private bug bounty program. Instructure is the company behind Canvas, an open-source learning management system that is not only revolutionizing the way we educate, but progressing security standards as well. The company first engaged Bugcrowd in a Read article →

Increasing pen test results by 8x: The Instructure Story

Since 2011, Instructure has proactively publicized the results of their annual penetration test reports to provide transparency around the security of their learning management system. From 2011 to 2013, these pen tests discovered an average 7.6 valid vulnerabilities each year. For its most recent annual penetration test, Instructure engaged Bugcrowd in a private Flex program, Read article →

Guest Blog: Best Practices for Quality Bug Hunting by SatishB3

[Today I’d like to introduce you to Bugcrowd member Satish Bommisetty.  An author and professional security researcher, Satish has helped improve the application security of dozens of companies by reporting over 170 valid vulnerabilities through Bugcrowd. We are honored to share his thoughts on how bounty hunters can deliver high quality professional results and create a respectful security research community.  These are things that Read article →

Guest Blog: Validating Bugs to Improve Success by Archita

[Bugcrowd is a proud sponsor of Nullcon 2015, which is less than a week away!  While we are putting the finishing touches on our Bug Bash event, we want to introduce you to another of our outstanding Crowd members in India that will be on the ground helping all the Nullcon Bug Bash participants to have a Read article →

Nullcon 2015 Bug Bash in Goa, India

Bugcrowd is a proud sponsor of Nullcon 2015 which is rapidly approaching! We’re working with some of the best researchers from the Bugcrowd community to host a Bug Bash at Nullcon on February 7th. Meet and learn from some of the best researchers in the world, and compete to rise to the top of the Bug Read article →

Guest Blog: How to Kick Start in Bug Bounty by worldwideweb

[Bugcrowd is a proud sponsor of Nullcon 2015, which is rapidly approaching!  While we are hard at work preparing to host an awesome Bug Bash event, we want to introduce you to a few of our outstanding Crowd members in India that will be on the ground helping all the Nullcon Bug Bash participants to Read article →

Guest Blog: httpscreenshot – A Tool for Both Teams

[The Shmoocon presentations I recommended last week did not disappoint, and I’m excited to have the opportunity to share some of the great research I saw there with Bugcrowd customers and Crowd members.  This tool released by Justin Kennedy and Steve Breen can be used by both Red Teams and Blue Teams.  Enjoy!  ~Kymberlee] Guest Blog: httpscreenshot – Read article →

Protip: Read the Bounty Brief!

Ready to do some bounty hunting?  Great!  Whether this is your 1st time or your 500th, the first thing to do when you sit down to the computer is read the Bounty Brief.   Maybe you’ve read the Bounty Brief for the program before, or you just want to get down to hacking…  but always be sure you read Read article →

ShmooCon 2015 – still no moose.

  Every year, with rare exception, I make the trip to Washington DC for Shmoocon.  Now in its 11th year, this conference is one of my very favorites.  Not only are the talks fantastic, but the community is amazing.  There are so many activities that go on throughout the conference!  Whether it is Fire Talks, Read article →

Guest Blog: Writing Up a POC by Planet Zuda

Recently Geekspeed discussed the importance of well written repro steps when he shared his tips on writing a great vulnerability submission. Digging deeper into that, I’d like to reference a great blogpost by Planet Zuda on Writing a Proof of Concept For Security Holes.  ~Kymberlee Republished with permission from: http://planetzuda.com/2014/12/29/how-to-write-a-good-proof-of-concept-for-security-holes/  How To Write a Proof Of Read article →