At the end of 2017 we asked our researcher community what changes they predicted for the bug bounty space in the year to come.
Last year, we launched the Inside the Mind of a Hacker report, sharing insights into the distinct profiles and stories, gathered from the Bugcrowd researcher community. Today we’re launching our second iteration on this, Inside the Mind of a Hacker 2.0, diving deeper into the collective power and intelligence the bug bounty community brings to the war on bugs.
The stakes have never been greater, it seems. Breaches and attacks from independent actors or nation states have increased in number and their impact can be felt by all. At Bugcrowd, we’ve built a community of more than 65,000 security researchers and white-hat hackers that is helping organizations around the globe increase their defenses by finding and resolving security vulnerabilities at break-neck speed.
The following is a guest blog post from Mert & Evren, two talented researchers from Turkey. IDOR vulnerabilities are of the higher impact and higher paying vulnerabilities for web bug bounties. This article explores what IDORs are and how to find them.
In the past year we’ve seen the Bugcrowd community more than double to more than 60,000 researchers, up from 26,782 at the beginning of 2016. With this growth comes the increasing responsibility to educate and foster the professional growth that our researchers seek every day.
Our goal for this conference is to create opportunities for researchers to learn and level-up their skills. We're also working on ways that we can help researchers network and meet one another during the conference.
This is the fifth post in our series: "Bug Bounty Hunter Methodology". Read on to learn how you can use bug bounties to build and grow a successful penetration testing or bug hunting career. If you have any feedback, please tweet us at @Bugcrowd.
This is the fourth post in our series: "Bug Bounty Hunter Methodology". Today's is a guest post from Scott Robinson, @sd_robs on Twitter and SRobin on Bugcrowd. Read on to learn how to write a successful bug submission. If you have any feedback, please tweet us at @Bugcrowd.
This is the third post in our series: "Bug Bounty Hunter Methodology". Today's is a guest post from ZephrFish, whom you can follow on twitter at @ZephrFish. Read on to learn how to use notes and session tracking to make your bug bounty hunting more successful. If you have any feedback, please tweet us at @Bugcrowd.
This is the second post in our new series: "Bug Bounty Hunter Methodology". Today we explore bounty scopes, disclosure terms & rules, and how those guide you in your hacking. If you have any feedback, please tweet us at @Bugcrowd.
This is the first post in our new series: "Bug Bounty Hunter Methodology". Over the coming weeks, we will share information and resources that will help any aspiring security researcher or bug bounty hunter get their start. If you have any feedback, please tweet us at @Bugcrowd.