Hacking, AppSec, and Bug Bounty newsletter
2017-06-12 | XSS on the rise, Pwn2Own Safari Sandbox, and Raspberry Pi Crypto slaves
Monday, June 12
Happy Monday! Make it a great week.
XSS on the rise? Snyk’s Guy Podjarny points out some interesting notations from their data and also list 5 reasons why Cross Site Scripting isn’t going away anytime soon.
An “algobot”-s GitHub access token was leaked [8 upvotes] - $100 bounty for this report to Algolia by @sainaen.
Flash XSS on global nav [3 upvotes] - no bounty for this report to GM by @mystech7.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Here are my (somewhat controversial) tips how to write a good title for a security vulnerability. #TogetherWeHitHarder - @jobertabma
OTHER ARTICLES WE’RE READING
Linux.MulDrop.14 goes all Jabba The Hutt making Raspberry Pi’s crypto slaves.
Malware on industrial control systems is bad, says Motherboard.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
"It may be a case companies are doing a little window dressing and taking their security director and now calling them a CISO. It's the same person but a different title.”
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.