Hacking, AppSec, and Bug Bounty newsletter
2017-05-19 | 5K error page, Wannakey, and Hypponen’s Law
Friday, May 19
Short and sweet today. Happy Friday!
Adding “?deb=trace” to a 404 URL gave a researcher access to internal debug information on static.corp.google.com. Worth $5K. Read the full story.
Amazon S3 bucket misconfiguration (share) [9 upvotes] - no bounty for this report to Zomato by @glc. Fastest ticket ever?
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity.
TWEET OF THE DAY
"There will always be vulnerabilities. Programmers are humans, humans make mistakes." - @mikko
OTHER ARTICLES WE’RE READING
Wannakey: Recover the prime numbers of the RSA private key that are used by WC.
Joint US-Dutch cybersecurity researchers can apply for $2.6M in funding
Researcher to Zomato: “Please bug bounty better”.
Troy Hunt weekly update #35
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker-focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Whenever an appliance is described as “smart”, it’s vulnerable.