Keep track of the latest security news, and stay in touch with the bounty community.

Nullcon 2015 Bug Bash in Goa, India

Bugcrowd is a proud sponsor of Nullcon 2015, which is rapidly approaching! We’re working with some of the best researchers from the Bugcrowd community to host a Bug Bash at Nullcon on February 7th. Meet and learn from some of the best researchers in the world, and compete to rise to the top of the Bug Read article →

Guest Blog: How to Kick Start in Bug Bounty by worldwideweb

[Bugcrowd is a proud sponsor of Nullcon 2015, which is rapidly approaching!  While we are hard at work preparing to host an awesome Bug Bash event, we want to introduce you to a few of our outstanding Crowd members in India that will be on the ground helping all the Nullcon Bug Bash participants to Read article →

Guest Blog: httpscreenshot – A Tool for Both Teams

[The Shmoocon presentations I recommended last week did not disappoint, and I’m excited to have the opportunity to share some of the great research I saw there with Bugcrowd customers and Crowd members.  This tool released by Justin Kennedy and Steve Breen can be used by both Red Teams and Blue Teams.  Enjoy!  ~Kymberlee] Guest Blog: httpscreenshot – Read article →

Protip: Read the Bounty Brief!

Ready to do some bounty hunting?  Great!  Whether this is your 1st time or your 500th, the first thing to do when you sit down to the computer is read the Bounty Brief.   Maybe you’ve read the Bounty Brief for the program before, or you just want to get down to hacking…  but always be sure you read Read article →

ShmooCon 2015 – still no moose.

Every year, with rare exception, I make the trip to Washington DC for Shmoocon. Now in its 11th year, this conference is one of my very favorites. Not only are the talks fantastic, but the community is amazing. There are so many activities that go on throughout the conference! Whether it is Fire Talks, Read article →

Guest Blog: Writing Up a POC by Planet Zuda

Recently Geekspeed discussed the importance of well-written repro steps when he shared his tips on writing a great vulnerability submission. Digging deeper into that, I’d like to reference a great blogpost by Planet Zuda on Writing a Proof of Concept For Security Holes. ~Kymberlee Republished with permission from: http://planetzuda.com/2014/12/29/how-to-write-a-good-proof-of-concept-for-security-holes/ How To Write a Proof Of Read article →

Guest Blog: Geekspeed’s Advice for Writing a Great Vulnerability Report

[note: Happy New Year Bugcrowd researchers!  Once you’ve read the Submission Accomplished blogpost for vulnerability reporting 101, this guest blogpost is recommended reading to help you write effective reports on the vulnerabilities you find.  ~Kymberlee] Guest Blog: Geekspeed’s Advice for Writing a Great Vulnerability Report by: John Stauffacher No lie, it took me eight nine Read article →

4 Reasons Why Bug Bounties Fail

As the Holiday season and New Year’s quickly approach, it’s a perfect time to reflect on some lessons learned this year. One in particular that has been top of mind as the Bug Bounty craze has grown this year isn’t what makes a program successful, but what makes a Bug Bounty program fail. As with Read article →

It Takes A Community…

Hi everyone, I’m Sam Houston. I recently joined the Bugcrowd team as Community Coordinator, a job title that basically means I’ll be working with and alongside Bugcrowd researchers to foster community engagement and growth. But what does that mean?

OWASP Bug Week 2014 Recap

Last week, Bugcrowd hosted OWASP Bug Week, an online competition for security researchers all over the world to find security bugs in live products. The researcher who found the “Best Bug” of the week won a badge to AppSecEU. To celebrate Bug Week, we also hosted a Bug Bash at our headquarters in San Francisco with Read article →