HackDig : Dig high-quality web security articles for hackers

Ethical hackers swarm Pentagon websites

by Danny Bradbury

Hackers are crawling all over the US Department of Defense’s websites. Don’t worry, though: they’re white hats, and DoD officials are quite happy about the whole thing. Four years after it first invited white hat hackers to start hacking its systems, the Pentagon continues asking them to do their worst – and a report re
Publish At:2020-03-05 09:26 | Read:589 | Comments:0 | Tags:Government security Security threats bug bounties Bug Bounty

DOD invites you (well, some of you) to “Hack the Pentagon” this month

On Thursday, the US Department of Defense announced the launch of a pilot bug-bounty program for the DOD's public-facing websites. Called "Hack the Pentagon," the bounty program will be managed by HackerOne, the disclosure-as-a-service company founded by Alex Rice and Michiel Prins. Since Hack the Pentagon is a pilot, its budget and duration are fairly modest
Publish At:2016-04-01 17:50 | Read:3572 | Comments:0 | Tags:Risk Assessment bug bounties DoD

Model Assesses Readiness to Accept Outside Vulnerability Reports

The proliferation of independent and vendor-sponsored bug bounties has not only put some money in researchers’ pockets, but has also forced enterprises—and software makers—to put processes in place to handle outside bug reports. “Saying you want one is not enough,” said Katie Moussouris, chief policy officer at bug bounty platform provider H
Publish At:2015-09-22 18:05 | Read:2870 | Comments:0 | Tags:Vulnerabilities Web Security bug bounties bug reports Hacker

Security, Reverse Engineering and EULAs

Like more than a few others, I experienced the infosec outrage against Mary Ann Davidson, Oracle’s Chief Security Officer, before I actually read the now-redacted blog post. After taking the time to read what she actually wrote (still available through Google’s web cache), I think there’s more discussion to be had than I’ve seen so far. First, it
Publish At:2015-08-14 02:35 | Read:3792 | Comments:0 | Tags:Connecting Security to the Business Featured Articles black

LinkedIn Goes Public with Its Private Bug Bounty

Public-facing bug bounties are the shiny new bauble of computer security. And with good reason since in most cases, companies that start their own bounties or go through a third-party platform provider are able to take advantage of a pool of skilled contributors, patch products, and improve security overall. LinkedIn has taken a decidedly quieter approach. Si
Publish At:2015-06-18 02:45 | Read:4136 | Comments:0 | Tags:Vulnerabilities Web Security bug bounties Cory Scott LinkedI

HTTPS Opens Door to Paid Pinterest Bug Bounty

Pinterest’s journey toward becoming a fully HTTPS website opened a lot of doors, including a potentially profitable one for hackers. The social networking site this week announced that it would begin paying cash rewards through its bug bounty program, upping the stakes from the T-shirt it originally offered last May when it kicked off the Bugcrowd-hoste
Publish At:2015-03-18 01:00 | Read:2990 | Comments:0 | Tags:Vulnerabilities Web Security bug bounties Bugcrowd HTTPS htt

Yahoo Patches Critical eCommerce, Small Business Vulnerabilities

Yahoo has fixed a handful of vulnerabilities that could have given an attacker free rein over all of its user-run eCommerce websites and caused multiple headaches for small business owners. One bug could have allowed a hacker to change item prices on a whim and given them access to sensitive information provided to web stores powered by Yahoo. A separate bug
Publish At:2015-03-10 16:50 | Read:3095 | Comments:0 | Tags:SMB Security Vulnerabilities Bounty programs bug bounties Bu

Don’t Build a Bounty Program; Build an Incentive Program

CANCUN – Bounty programs are mislabeled creatures, too often pigeonholed as a payoff for finding individual vulnerabilities in software. Wrong. “The name bug bounty is actually a false categorization of what is truly just an incentive program,” said Katie Moussouris, chief policy officer at HackerOne and architect of Microsoft’s vulnerability
Publish At:2015-02-16 22:15 | Read:2819 | Comments:0 | Tags:Microsoft Security Analyst Summit Vulnerabilities Web Securi

Google Adds Research Grants to Bug Bounty Program

Google last week announced that it has instituted a program for 2015 in which researchers can receive up to $3,133.70 in grant money for bug hunting. Researchers must apply for the grants, which will be an up-front award that will be paid out before a bug is submitted, Google said. “Researchers’ efforts through these programs, combined with our own
Publish At:2015-02-03 06:10 | Read:3054 | Comments:0 | Tags:Uncategorized bug bounties bug hunters google Google bug bou

Facebook to Double Bounty Payouts For Ad Code Bugs

Popular segments of Facebook code have plenty of white—and black hats—poking around for bugs. The same probably cannot be said for the social network’s ads code, so Facebook has decided to add an incentive to its bug bounty program. Through the end of the year, payments will be doubled for bugs reported to and verified by the bounty program, Facebook sa
Publish At:2014-10-15 18:45 | Read:3251 | Comments:0 | Tags:Vulnerabilities bug bounties bug hunter Facebook bug bounty

Square Launches Bug Bounty, Hires Top Security Researcher

The bug bounty phenomenon began mainly with major software vendors and security companies, which were the main targets for security researchers and attackers. But it is now moving to virtually every corner of the Web and software ecosystem, and the latest company to join the party is Square, the mobile payment company. Square’s service allows merchants
Publish At:2014-08-11 15:20 | Read:3364 | Comments:0 | Tags:Mobile Security SMB Security Web Security bug bounties Dino
