Intigriti’s Blog

Hunting Down The Top 5 Most Common Price Manipulation Vulnerabilities in E-Commerce Websites

Bug Bounty News

February 5, 2024

E-commerce stores can lose out on a lot of revenue if price manipulation vulnerabilities get actively exploited by bad actors. These are often security vulnerabilities caused by improper logic handling by developers which can cause the server to miscalculate prices (formula injection) at checkout,

Bug bounty and the EU Cyber Resilience Act – everything you need to know

Bug Bounty News

March 14, 2023

The EU Cyber Resilience Act aims to protect Europe from increasingly sophisticated cyber-threats. The first quarter of 2023 has seen significant cybersecurity legislation coming out of the European Union (EU). In early February, we reported on the adoption of the NIS2 Directive – a major EU cyberse

How will the NIS2 Directive impact the European bug bounty market?

Bug Bounty News

February 9, 2023

The NIS2 Directive is due to be implemented across the EU by September next year. Find out how the legislation will impact the region’s bug bounty and cybersecurity industry. In 2022, the bug bounty and crowdsourced security industry experienced a surge in its validation and growth across the globe

Top 20 bug bounty YouTube channels in 2023

Bug Bounty News

January 3, 2023

Knock knock, who’s there? It’s 2023! But before we dive head-first into the new year, let’s take a look back at 2022 and specifically at the creators who ruled the bug bounty scene in 2022. These are the top 20 bug bounty creators! Content creators are incredibly important to Intigriti. We really ap

Bug bounty and AI: How machine learning is changing the game for cybersecurity

Bug Bounty News

December 22, 2022

AI presents some fresh opportunities to the bug bounty industry, but caveats apply. You would be hard-pressed to find anyone in the cybersecurity industry who had not heard of ChatGPT over the past few weeks. Launched by research lab OpenAI as a prototype in November, ChatGPT is an artificial intelli

How policymakers are helping expand the adoption of bug bounty programs

Bug Bounty News

December 20, 2022

Thanks to lawmakers, 2022 was one of the best years ever for the advancement, validation, and growth of the bug bounty and crowdsourced security industry. As we look back over the cybersecurity developments in 2022, we see a year where bug bounty programs and vulnerability disclosure policies (VDP)

Key terms in crowdsourced security

Bug Bounty News

December 6, 2022

Do you know your bug bounty from your Hybrid Pentest? Cybersecurity moves fast. And if keeping up with the latest emerging threats wasn’t enough, knowing the best way to defend against them can feel just as complicated. When it comes to crowdsourced security, we’ve come a long way since the days of

Security is a continuous process. Here’s why your testing process should be too

Bug Bounty News

July 26, 2022

“Continuous security testing” has recently achieved a top ten spot in the cybersecurity lexicon. At first glance, it appears self-explanatory and very sensible—something like, “An apple a day keeps the doctor away”, right? Well, yes. But what exactly is continuous security testing? How is it differe

What is a bug bounty platform? And what are the alternatives? 

Bug Bounty News

July 25, 2022

Organizations run bug bounty programs as a way to identify and fix vulnerabilities within their systems, assets, and applications. They work by giving ethical hackers permission to test for vulnerabilities and provide a report of what they discover in an effort to reduce their attack surface. Altern

5 considerations when choosing a bug bounty platform

Bug Bounty News

July 20, 2022

Anyone assessing the best bug bounty platforms will likely encounter many long lists of platform features. These can be overwhelming and leave you uncertain about how to make the right choice for your company’s cybersecurity needs. So, how do you make an informed choice from the diversity of platfor

U.S. Justice Department will no longer bring charges against good-willed security researchers

Bug Bounty News

June 14, 2022

There was big news for the crowdsourced ethical hacking community on May 19th this year. The U.S. Department of Justice revised its policy in respect to “ethical” or “good-faith” hackers. It will no longer prosecute them under the Computer Fraud and Abuse Act (CFAA). This is a welcome step forward i

7 ways bug bounty programs can help drive the security development lifecycle

Bug Bounty News

March 18, 2022

Software Development Lifecycles (SDLCs) today have to take a huge number of security and privacy realities into consideration with every release — and with the widespread adoption of agile methodologies, release cycles have become more frequent. Such rapid, large-scale change in how software is prod

How ethical hackers can help to increase your attack surface visibility

Bug Bounty News

February 21, 2022

200 years after the first design for a Panopticon, some security experts still dream of safeguarding the security of an entire institution from a single, centralized viewpoint. They are looking in the wrong direction. Cybersecurity teams who want to achieve comprehensive attack surface visibility sh

3 ways ethical hackers can help reduce cybersecurity skills gaps

Bug Bounty News

February 11, 2022

How often do you read in the news about the great job a cybersecurity team just did? The inevitable response is just one of many reasons for today’s acute cybersecurity skills gap. Information security hiring managers are struggling to attract enough talent, and most pundits consider understaffed se

Vulnerability scanners vs bug bounty programs: What does your business need?

Bug Bounty News

February 8, 2022

To compare vulnerability scanners vs bug bounty programs is, in many ways, to bring the long-standing debate about humans vs machines to the realm of cybersecurity. Automated tools, like security scanners, have been helping protect computers and networks for decades now. Recently, automation has pro

How can a bug bounty program improve your IT security posture?

Bug Bounty News

January 21, 2022

Rapidly evolving technology has created a world whereby cybersecurity must grow and mature at equal speed. Your IT security posture should anticipate fast change by providing real-world, real-time testing of your cyber defenses for known and unknown threats. This article looks at how to use a bug bo

Top 20 bug bounty YouTube channels to follow in 2021!

Bug Bounty News

December 31, 2021

After last year’s edition of our “Top 20 bug bounty Youtube channels” blog post, you should all know by now how important content creators are to Intigriti. We really appreciate all the time and hard work they are putting into enabling a new wave of hackers and security researchers! Over the last 12

5 ways to maximize hacker participation in your bug bounty program

Bug Bounty News

August 2, 2021

Our customer success team at Intigriti is often faced with the same question: How can we maximize ethical hacker participation in our bug bounty program? To answer this query, we asked our security researcher community what their top reasons were for picking a bug bounty target as part of our Ethica

What is an ethical hacker? And why do companies hire them?

Bug Bounty News

May 27, 2021

Ask someone to define the word ‘hacker’ and it’s almost guaranteed to spark a debate. Yet, hacking isn’t a new concept. In fact, it’s been around for decades. Throughout the sixties, hacking simply meant optimising systems and machines to make them run more efficiently. Since then, the world’s fear

Vulnerability Disclosure Programs Vs Bug Bounty: Which Is Best?

Bug Bounty News

May 19, 2021

Ethical hackers dedicate significant amounts of time to discover and report security flaws to businesses. Creating a stress-free and sensical way for them to disclose security vulnerabilities to you is critical. Not only does it encourage responsible disclosure, but it maximises the success of their