Bugcrowd Blog

Inside the Mind of a Hacker 2.0

Posted by Sam Houston on Nov 14, 2017 6:03:00 AM

Last year, we launched the Inside the Mind of a Hacker report, sharing insights into the distinct profiles and stories gathered from the Bugcrowd researcher community. Today we’re launching our second iteration on this, Inside the Mind of a Hacker 2.0, diving deeper into the collective power and intelligence the bug bounty community brings to the war on bugs.

The stakes have never been greater, it seems. Breaches and attacks from independent actors or nation states have increased in number and their impact can be felt by all. At Bugcrowd, we’ve built a community of more than 65,000 security researchers and white-hat hackers that is helping organizations around the globe increase their defenses by finding and resolving security vulnerabilities at breakneck speed.

Bugcrowd News, Research and Reports

How to Earn Your Way Onto a Private Bounty Program

Posted by Abby Mulligan on Nov 10, 2017 9:05:00 AM

We are consistently asked “How Do I Earn Private Program Invitations?”
Hands down, this is our most commonly asked question from members of our Crowd, so we want to take this opportunity to reemphasize the most important information to keep an eye on if you’re looking to get invited to a private program.

Since 2015, we have consistently used the following performance and activity markers (+ any required technical skills!) to choose our program participants. The criteria we continue to use to determine invites:

Researcher Resources

How-To: Find IDOR (Insecure Direct Object Reference) Vulnerabilities for large bounty rewards

Posted by Sam Houston on Nov 9, 2017 8:00:00 AM

The following is a guest blog post from Mert & Evren, two talented researchers from Turkey. IDOR vulnerabilities are among the higher-impact and higher-paying vulnerabilities for web bug bounties. This article explores what IDORs are and how to find them.

Bug Hunter Tips and Tricks, Researcher Resources

October 2017 Hall of Fame

Posted by Kaila Pollart on Nov 1, 2017 12:23:59 PM

Bugcrowd is pleased to recognize our October 2017 Hall of Fame winners!


Car Hacking in the Cloud (for Cheap) at DEF CON, Part 2

Posted by Daniel Trauner on Oct 30, 2017 10:00:00 AM

Last month, we wrote an introductory overview of our experience running the second annual Car Hacking Village CTF infrastructure at DEF CON 25. Most notably, our use of Zappa to deploy Flask-based CTFd on AWS Lambda and API Gateway resulted in a $1.50 bill for the entire month of July (excluding database instances), while providing a number of operational advantages over last year’s traditional infrastructure.

Bugcrowd News, events, CTF

Bugcrowd Integration Now Available in Qualys Web Application Scanning

Posted by Dave Ferguson on Oct 18, 2017 8:53:33 AM

The new version of Qualys Web Application Scanning, WAS 5.7, adds an integration with Bugcrowd for centralized viewing and triaging of both WAS automated vulnerability detections and vulnerabilities submitted by Bugcrowd’s approved security researchers.

Guest Blog, Bugcrowd News

Consistency is Key: Aligning Bugcrowd’s VRT with CVSS

Posted by Travis Andrade on Oct 10, 2017 10:00:00 AM

We are proud to announce the newest Crowdcontrol update, which now maps the open standard Vulnerability Rating Taxonomy (VRT) to the Common Vulnerability Scoring System (CVSS) v3, allowing organizations to manage submission severity with CVSS v3!

Product Updates

September 2017 Hall of Fame

Posted by Chloe Brown on Oct 9, 2017 10:00:00 AM

Bugcrowd is pleased to recognize our September 2017 Hall of Fame winners!


What We Can Learn from NETGEAR's Approach to Security

Posted by Ashish Gupta on Oct 6, 2017 9:00:00 AM

Earlier this week, Threatpost reported NETGEAR had fixed 50 vulnerabilities in its routers, switches, and NAS devices -- many of which were reported via the company’s bug bounty program,

Program Updates

Introducing the Bugcrowd Researcher Advisory Council

Posted by Chloe Brown on Oct 5, 2017 8:00:00 AM

In celebration of its upcoming one-year anniversary, we are thrilled to formally announce the Bugcrowd Researcher Council. Begun as a pilot program in November of 2016, Bugcrowd's Researcher Success Team identified 5 Researchers to invite to a special kind of pilot feedback program; since then, the program has grown 200% and the Council members have given their valuable feedback on a variety of implemented improvements, including the Researcher Dashboard and the current ongoing improvements to tokenized search.
