Hacking, AppSec, and Bug Bounty newsletter

2017-05-05 | FlexiWHY, XSS for IE11, and telephony troubles

Friday, May 5

Cinco de Mayo on a Friday?! Today is bound to be amazing. Enjoy it!



  • Cloudflare based XSS for IE11 [16 upvotes] - swag award for this report to Cloudflare by @reactors08. Incredible responsiveness and communication from Cloudflare’s team, including this gem “I got ahold of a windows computer (unfortunately) and verified this works.” #bugbountyhumor

  • SSL Key Certificate expires [for] [1 upvote] - no bounty for this report to Dropbox by @honccbb. Closed as informative, but a key point here is the power of hacker-powered security: dozens of researchers combing your stack on the daily, and will let you know when your SSL Key Certs will expire in a few days. It’s like that friendly neighborhood watch.   

Today’s hacker lesson is on “how to get banned from the platform”: submit reports like this

You can see all the latest and greatest disclosures and bounties on



Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.

Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?

Have a news tip / story to highlight? We’d love to hear about it. Email:

Get this email forwarded to you? Click here to subscribe to the Zero Daily


The Law of Two Feet: Any time you're in a meeting where you're not contributing nor adding value--you are encouraged to use your two feet and find a place where you can.

Jonathan Opp,


HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.