Bugcrowd Blog

Mobile Testing: Setting Up Your Android Device Pt. 1

Posted by Paul Ivanivsky on Aug 25, 2016 1:33:58 PM

In this post, I will provide a brief overview of the anatomy of a mobile penetration test, and cover the first step in getting started with mobile testing on an Android device. My goal is to help folks that are new to mobile testing break the barrier of getting started, and debunk the assumption that mobile application testing is too difficult.  

Bug Hunter Tips and Tricks

Product Security Incident Response 101

Posted by Kymberlee Price on Aug 22, 2016 8:23:14 AM

Earlier this year, I wrote extensively about vulnerability disclosure policies and benefits as well as how trust impacts the disclosure process between researchers and vendors. While writing these posts, I looked for publicly available (free!) literature on product security incident response (PSIRT) processes to share. I thought I’d find vendors publishing their PSIRT best practices on operations or how to publish an advisory, but 99% of what I found was network incident response focused and not relevant for application or product security teams. I suddenly realized that despite all my years working in a PSIRT, I'd never published any operational guidance that would help other defenders learn from my experiences - and it was time to change that. 

Interesting

July 2016 Hall of Fame

Posted by Kaila Pollart on Aug 10, 2016 4:30:52 PM

Bugcrowd is excited to announce our July 2016 Hall of Fame winners! Apologies for the delay in posting this, but we spent all last week in Las Vegas at Black Hat/DEFCON (you can read all about it here)!

Once again, mert has topped the June leaderboard with his amazing work across our platform. Following up, we're happy to have VINOTHKUMAR in second place, and krbtgt rounding out the top three. To thank our top performers for their hard work, Bugcrowd is pleased to announce that all three researchers will receive bonuses for their performance.

Bugcrowd Updates

2016 Black Hat, DEFCON, BSides Wrap Up

Posted by Sam Houston on Aug 9, 2016 4:41:24 PM

Now that we've rested our feet, drunk some water, and adjusted from the Las Vegas time warp, we thought we'd give a brief recap of our week. In the six days we spent boots down in Vegas, we caught some great talks with some of our favorite people, threw, sponsored and attended awesome events, and as always, met amazing folks from the InfoSec community.

Conferences

Big Bugs Podcast Episode 4: Fun and Hacking with Pokemon Go!

Posted by Jason Haddix on Jul 29, 2016 2:30:11 PM

This week's Big Bugs podcast is near and dear to my heart, combining three of my favorite things: mobile hacking, gaming, and security in general. In this episode, I'll start by giving a brief history of Niantic and Pokemon Go and review some of the few technical issues that the game has experienced. The bulk of this podcast will be focused on how the hacking scene found ways to reverse engineer the game, and of course some tips and tricks so you can catch 'em all.

It's a bit longer than the usual Big Bugs podcast, but I feel like it's well worth it, as the Pokemon Go phenomenon has been amazing to experience and be part of. Below the recording, I've included some notes to accompany this episode, and resources referenced as well.

Interesting, Bug Hunter Tips and Tricks

Product Update - Insights into Your Program's Performance:

Posted by Katrina Rodzon on Jul 28, 2016 10:00:00 AM

Crowdcontrol’s new ‘Insights’ dashboard provides insightful metrics into your bug bounty program performance. This is just the first step we are taking in bringing you the right metrics to initiate scalable actions and provide meaningful reports for your security team, development team and the people who write the checks.

Bugcrowd Updates

Ring ring! Hello, Mobile Testers?

Posted by Chloe Brown on Jul 18, 2016 10:50:03 AM

In April we announced a Mobile bonus reward program for researchers that submitted valid, non-duplicate mobile vulnerabilities for a chance to win $1000, and in early June we expanded the program to two bonuses. We are excited to announce our two winners, and congratulate putsi and robinooklay for their mobile submissions! 

Bugcrowd Updates

Fiat Chrysler - The First Full-Line Automaker to Launch a Paid Public Bug Bounty Program

Posted by Casey Ellis on Jul 13, 2016 6:56:39 AM

2015 was the year the public perception of automobile safety changed forever… Chris Valasek and Charlie Miller’s notorious Jeep Cherokee hack transformed the idea of the humble automobile into a 2-tonne computer that can be hacked just like any other. In recent years, automakers are realising that hackers just like Charlie and Chris are already at the table, ready and willing to help, and are leveraging the work coming out of this community to make their products safer from cyber threats.

We are excited to announce that Fiat Chrysler Automobiles is joining the ranks of those pioneering this relationship, by becoming one of the first automakers to launch a bug bounty program.

Bugcrowd Updates

June 2016 Leaderboard

Posted by Kaila Pollart on Jul 11, 2016 12:30:00 PM

Bugcrowd is excited to announce our June 2016 Hall of Fame winners! Apologies for the delay in posting this, but I'm sure you've all seen that we're pretty busy planning big things for Black Hat + DEFCON this August.

Once again, mongo has topped the June leaderboard with his amazing work across our platform. Following up, we're happy to have mert in second place, and Web_Plus rounding out the top three. To thank our top performers for their hard work, Bugcrowd is pleased to announce that all three researchers will receive bonuses for their performance.

Bugcrowd Updates

Bugcrowd VIP Party at DEFCON 2016

Posted by Kymberlee Price on Jul 8, 2016 9:33:06 AM

The one month countdown to both Black Hat USA and DEFCON has officially started, and we have a lot planned for both the Crowd and our customers this August. There are many more announcements to follow, but this is one that can't wait.

Bugcrowd Updates