Apple offers security researchers specialized iPhones to tinker with

Apple is inviting security researchers to apply for the Apple Security Research Device Program (SRDP) again, to discover vulnerabilities and earn bug bounties. Apple started the Apple SRDP in 2019. In the intervening years, participating researchers ha…

Google invites bug hunters to scrutinize its open source projects

Google wants to improve the security of its open source projects and those projects’ third-party dependencies by offering rewards for bugs found in them. “Depending on the severity of the vulnerability and the project’s importance, rewards …

The Intigriti Ethical Hacker Survey 2022

The Intigriti Ethical Hacker Survey 2022 is now available, highlighting how ethical hacking continues to grow as a popular career choice for all levels of security experts. For the second year running, Intigriti has gone into the field and spoken to a …

Cisco security devices targeted with CVE-2020-3580 PoC exploit

Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently started after Positive Technologies researchers shared proof-of-concept (PoC) e…

MindAPI makes API security research and testing easier

Security researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier. “I love mind maps. They help me create a fine-tuned methodology and keep the mind organized,…

2021 Hacker Report: Hackers are not just driven by money

HackerOne released its 2021 Hacker Report that reveals a 63% increase in the number of hackers submitting vulnerabilities in 2020. As organizations’ attack surfaces have shifted due to pandemic-led digital transformation, hackers have adapted and zeroe…

How much is a vulnerability worth?

As part of its crowdsourced security program, Zoom has recently increased the maximum payout for vulnerabilities to $50,000. Such figures make great headlines and attract new talent in search of the big bucks, but here is a question that begs to be ans…

The effectiveness of vulnerability disclosure and exploit development

New research into what happens after a new software vulnerability is discovered provides an unprecedented window into the outcomes and effectiveness of responsible vulnerability disclosure and exploit development. The analysis of 473 publicly exploited…