Bug Bounty News

E-commerce stores can lose out on a lot of revenue if price manipulation vulnerabilities get actively exploited by bad actors.  These are often security vulnerabilities caused by improper logic handling by developers which can cause the server to miscalculate prices (formula injection) at checkout,

The EU Cyber Resilience Act aims to protect Europe from increasingly sophisticated cyber-threats. The first quarter of 2023 has seen significant cybersecurity legislation coming out of the European Union (EU).  In early February, we reported on the adoption of the NIS2 Directive – a major EU cyberse

Knock knock, who’s there? It’s 2023! But before we dive head-first into the new year, let’s take a look back at 2022 and specifically at the creators who ruled the bug bounty scene in 2022. These are the top 20 bug bounty creators! Content creators are incredibly important to Intigriti. We really ap

AI presents some fresh opportunities to the bug bounty industry, but caveats apply You would be hard-pressed to find anyone in the cybersecurity industry who had not heard of ChatGPT over the past few weeks. Launched by research lab OpenAI as a prototype in November, ChatGPT is an artificial intelli

Thanks to lawmakers, 2022 was one of the best years ever for the advancement, validation, and growth of the bug bounty and crowdsourced security industry.  As we look back over the cybersecurity developments in 2022, we see a year where bug bounty programs and vulnerability disclosure policies (VDP)

Do you know your bug bounty from your Hybrid Pentest? Cybersecurity moves fast. And if keeping up with the latest emerging threats wasn’t enough, knowing the best way to defend against them can feel just as complicated.  When it comes to crowdsourced security, we’ve come a long way since the days of

“Continuous security testing” has recently achieved a top ten spot in the cybersecurity lexicon. At first glance, it appears self-explanatory and very sensible—something like, “An apple a day keeps the doctor away”, right? Well, yes. But what exactly is continuous security testing? How is it differe

Organizations run bug bounty programs as a way to identify and fix vulnerabilities within their systems, assets, and applications. They work by giving ethical hackers permission to test for vulnerabilities and provide a report of what they discover in an effort to reduce their attack surface. Altern

Anyone assessing the best bug bounty platforms will likely encounter many long lists of platform features. These can be overwhelming and leave you uncertain about how to make the right choice for your company’s cybersecurity needs. So, how do you make an informed choice from the diversity of platfor

There was big news for the crowdsourced ethical hacking community on May 19th this year. The U.S. Department of Justice revised its policy in respect to “ethical” or “good-faith” hackers. It will no longer prosecute them under the Computer Fraud and Abuse Act (CFAA). This is a welcome step forward i

Software Development Lifecycles (SDLCs) today have to take a huge number of security and privacy realities into consideration with every release — and with the widespread adoption of agile methodologies, release cycles have become more frequent. Such rapid, large-scale change in how software is prod

200 years after the first design for a Panopticon, some security experts still dream of safeguarding the security of an entire institution from a single, centralized viewpoint. They are looking in the wrong direction. Cybersecurity teams who want to achieve comprehensive attack surface visibility sh

How often do you read in the news about the great job a cybersecurity team just did? The inevitable response is just one of many reasons for today’s acute cybersecurity skills gap. Information security hiring managers are struggling to attract enough talent, and most pundits consider understaffed se

To compare vulnerability scanners vs bug bounty programs is, in many ways, to bring the long-standing debate about humans vs machines to the realm of cybersecurity. Automated tools, like security scanners, have been helping protect computers and networks for decades now. Recently, automation has pro

Rapidly evolving technology has created a world whereby cybersecurity must grow and mature at equal speed. Your IT security posture should anticipate fast change by providing real-world, real-time testing of your cyber defenses for known and unknown threats. This article looks at how to use a bug bo

After last year’s edition of our “Top 20 bug bounty Youtube channels” blog post, you should all know by now how important content creators are to Intigriti. We really appreciate all the time and hard work they are putting into enabling a new wave of hackers and security researchers! Over the last 12

Our customer success team at Intigriti is often faced with the same question: How can we maximize ethical hacker participation in our bug bounty program? To answer this query, we asked our security researcher community what their top reasons were for picking a bug bounty target as part of our Ethica

Ask someone to define the word ‘hacker’ and it’s almost guaranteed to spark a debate. Yet, hacking isn’t a new concept. In fact, it’s been around for decades. Throughout the sixties, hacking simply meant optimising systems and machines to make them run more efficiently.  Since then, the world’s fear

Ethical hackers dedicate significant amounts of time to discover and report security flaws to businesses. Creating a stress-free and sensical way for them to disclose security vulnerabilities to you is critical. Not only does it encourage responsible disclosure, but it maximises the success of their

The value of bug bounty programs is recognised by well-known companies all over the world. However, there are still a few stubborn myths about the concept that persists. This article lists six of the most common misconceptions we hear when speaking to potential customers about bug bounty programs.