With Bugcrowd's roots in Australia, it's always a great time to work with the security community from down under. Australia has some of the best infosec talent around, and this week's Spotlight is on one of their bug bounty hunters: Justin Steven.
It's only been 5 months since Darkarnium joined Bugcrowd, but in that short time he's shot his way up our all-time leaderboard to #113 and impressed us all with his 100% acceptance rate and 1.5 average priority. Darkarnium is a bit of a "sniper": the bugs that he submits are often high priority and high impact.
This week's Researcher Spotlight is actually on two researchers who make up a team. Internetwache is one of the most active groups in the bug bounty researcher scene, finding vulnerabilities in Facebook, eBay, Apple, Twilio and many others. The team consists of Sebastian Neef and Tim Schäfers, and they were both kind enough to participate in this week's spotlight interview.
Today's spotlight is on a researcher who clearly enjoys giving back and helping the community. Mazin Ahmed has been active in the bug bounty scene for the last two years and can often be found collaborating and joining discussions on Twitter, IRC, forums and other communities.
The security researcher community at Bugcrowd is quite diverse with backgrounds and experience of all shapes and sizes. This week's researcher spotlight is on Casey Dunham, a security professional with a computer science background and experience as a software developer. In our interview below, you will see how Casey's background informs his approach to security testing and enables his success.
At Bugcrowd we’ve heard from many researchers that they would love to do bug hunting full-time. Many researchers have used bug bounties as a way to supplement their income, build up their skills, increase the size of their professional network and the number of work opportunities available to them.
At DEFCON 23 this year we interviewed a few members of the Bugcrowd Researcher community, getting their impressions of DEFCON and gathering some tips & tricks for bug bounty hunters.
We're joined by Fredrik "Almroot" Almroth, a Bugcrowd community member and highly skilled security researcher. Fredrik has been active in bug bounties since 2010, when he found his first Google vulnerability. Fredrik and his team at Detectify have found vulnerabilities in many of the top bug bounties in the world, including Google and Facebook. He's one of the most prolific security researchers in the community and it was great to get Fredrik to share some of his tips and tricks.
This week, we announced that Bugcrowd has reached our 10,000 researcher milestone. To celebrate this awesome community, and to reward the elite few who have climbed to the top of the mountain, we're bringing out our longest standing #1 ranked Bugcrowd security researcher, known on the leaderboard as Bitquark, to Las Vegas to celebrate DEF CON 22 with us, and we're having a party.
JHaddix is Bugcrowd’s number one ranked security researcher. He’s climbed to the top of the mountain and stayed there by consistently finding the highest level vulnerabilities in both web and mobile applications. His testing methodology is both thorough and creative, but it’s his years of experience as a security professional that have allowed him to dominate the leaderboard. Using this, he is able to adapt to the fast-paced competition of bug bounty programs.