Hacking, AppSec, and Bug Bounty newsletter
2017-09-20 | Forseti, HVACKer, and Leading enterprise security blindspots
Wednesday, September 20
Spotify introduces Forseti: an open source security toolkit for Google Cloud Platform, developed in partnership with Google.
Race Conditions in OAuth 2 API implementations [19 upvotes] - $2,500 bounty for this report to The Internet by @dor1s. Read and re-read. Impressive dedication by this hacker!
Unauthorized update of merchants' information via /php/merchant_details.php [10 upvotes] - $200 bounty for this report to Zomato by @nbsp.
Always read the bug bounties awarded by "The Internet" on @Hacker0x01 - Scott Piper, @0xdabbad00
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
A good article about how the US government is gaining momentum on bug bounties & vulnerability disclosure policies - @mattcutts
OTHER ARTICLES WE’RE READING
Leading enterprise security blindspots survey results by Bitglass
Bug Bounty Forum, AMA with @geekboy
CVE worthy? iTerm2 feature “Perform DNS lookups to check if URLs are valid”
HVACKer: Bridging the Air-Gap by Manipulating the Environment Temperature
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
“Maybe platforms should pay bug bonuses for moral or ethical exploits, not just technical exploits: they should broaden the question 'how can bad people break this?'