Bug Bounty & Agile Pentesting Platform

Bug Bytes #167 – AWS RDS Local File Read & Are you making these learning mistakes or misusing Burp’s predefined lists?

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The first series is curated by Mariem, better known as PentesterLand. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources. This issue covers the week from April 4 to 11. Our favorite […]

Empower your security team to build stronger defenses against cybercriminals [Interview]

This interview originally appeared in Cybernews in April 2022. Trusting your cybersecurity team to identify vulnerabilities in your company’s security systems is vital. However, you’ll likely sleep better at night by getting a second look from an outsider. Such is the work that bug bounty hunters (ethical hackers) do. These specialists try to hack into […]

Here’s how running an internal bug bounty program can boost your company’s security posture

What does “internal” stand for in the context of an “internal bug bounty program”? Bug bounty programs are usually directed at security researchers who have an account with a bug bounty platform, such as Intigriti. However, there is also an option to include the employees working for the company that runs the program. As Hacker […]

Changelog #33 – Collaboration makes you better!

Researcher collaboration: Researcher collaboration is essential to ensure the success of a bug bounty program. Quality, creativity and impact are often achieved by working together and exchanging technical know-how. Live events and live communication tools, like our Discord community, showed us the increased popularity and impact of researcher collaboration. Finding high impact and complex vulnerabilities […]

7 ways bug bounty programs can help drive the security development lifecycle

Software Development Lifecycles (SDLCs) today have to take a huge number of security and privacy realities into consideration with every release — and with the widespread adoption of agile methodologies, release cycles have become more frequent. Such rapid, large-scale change in how software is produced, delivered and consumed has increased the need for continuous, proactive […]