Bugcrowd Blog

Vulnerability Prioritization at Bugcrowd

Posted by Kymberlee Price on Aug 14, 2015 9:07:43 AM

The only way for a security team to effectively manage risk is vulnerability prioritization and management. There are many different prioritization models used across the industry that are based on vulnerability risk and impact. Without a clear prioritization model, how do you know what to fix first? Highest CVSS Score? FIFO? LIFO? Externally known issues? Whatever your prioritization plan is, it needs to be documented and updated as threats to your business change.

Bugcrowd News, Bug Hunter Tips and Tricks

Advice From A Researcher: How To Approach A Target

Posted by Katrina Rodzon on Jul 14, 2015 1:00:11 AM

Editor's Note: Today I’d like to introduce you to Bugcrowd member Anshuman Bhartiya (anshuman_bh). As an information security professional as well as bug bounty researcher, Anshuman has helped improve the security of many organizations. He has submitted several P1 & P2 bugs leading to his high standing within the programs he is involved in. As an active member on our Bugcrowd forum he also contributes to the bug bounty researcher community. This blog is from one of his responses on the forum that he has allowed us to post here. We are thrilled to share his thoughts and experience on how to successfully approach a target. Thanks!

Guest Blog, Bug Hunter Tips and Tricks

Top 3 Mobile App Security Threats + How to Test for Them

Posted by Jason Haddix on Jul 10, 2015 7:06:42 AM

Mobile devices are relatively new to the connected world, yet the issues surrounding mobile app security have proven much more complex than those around web applications when it comes to threat modeling. With mobile, it's not just about code running on devices; it depends heavily on device security – taking into account different versions, interfaces, platforms, and device integrity (e.g., jailbroken devices).

Bug Hunter Tips and Tricks

How I Got Into Security: Duarte Silva

Posted by Katrina Rodzon on Jul 8, 2015 1:00:50 AM

Editor's Note: Bugcrowd community researcher Duarte Silva shares the story behind how he started working in information security. Duarte is one of Bugcrowd's top researchers; you can follow him on Twitter at @serializingme.

Guest Blog, Bug Hunter Tips and Tricks

Advice From A Researcher: Hunting XXE For Fun and Profit

Posted by Bugcrowd on Jul 3, 2015 2:00:07 AM

About the Author: Ben Sadeghipour has been participating in bug bounty programs since February of 2014. After his first few bugs, he came to realize that bug bounties are a great way to learn more about web application security as well as make some extra money while going to school as a computer science major. Currently Ben is an intern at Bugcrowd and continues to do bug bounty research. You can see more of his work on nahamsec.com.

Guest Blog, Bug Hunter Tips and Tricks

Burp Suite Tutorial: 1

Posted by Katrina Rodzon on Jul 1, 2015 2:00:22 AM

As promised in our previous blog, Jason Haddix, Director of Technical Operations, is doing an unedited series on using Burp Suite, a very useful tool when searching for bug bounties. This video is the first in a month-long series.

Interesting, Bug Hunter Tips and Tricks

Hacking With Burp Suite

Posted by Jason Haddix on Jun 29, 2015 2:00:29 AM

Bugcrowd loves its researcher and technical community. One responsibility we feel we have here is to empower that community. As part of this effort we plan to roll out some free training and professional development material. These videos will be free of charge and are aimed at exploring useful practices in application security. This is part of a larger initiative we are planning at Bugcrowd (more on that later).

Bug Hunter Tips and Tricks

Advice From A Researcher: Protecting Your Dev Environments

Posted by Katrina Rodzon on Jun 24, 2015 2:00:00 AM

Editor's Note: Today I'd like to introduce you to Bugcrowd member Ciaran McNally (maK0). As a freelance security consultant as well as an entrepreneur, Ciaran has helped improve the security of many organizations. We are honored to share his thoughts and experience on how organizations can increase their overall security. Thanks!

Guest Blog, Bug Hunter Tips and Tricks

A Look at Private Bounty Program Invitations

Posted by Kymberlee Price on Jun 18, 2015 9:12:57 AM

Today I thought it would be interesting to our Crowd members to take a look at private bounty program invitations. With both public and private bounty programs and tens of thousands of security researchers, how does Bugcrowd choose who to invite to a private program? Is there a secret handshake? A password to a private clubhouse? Do I roll the dice?

Bugcrowd News, Bug Hunter Tips and Tricks

Adventures in Reverse Engineering

Posted by Sam Houston on Jun 2, 2015 9:43:23 AM

One thing we like to highlight at Bugcrowd is creating lasting positive relationships between clients and talented researchers. Today one of our crowd, Duarte Silva, released some of his work on reverse engineering the Aruba Networks ArubaOS firmware package.

Interesting, Bug Hunter Tips and Tricks