Hacking, AppSec, and Bug Bounty newsletter
2017-10-30 | ActiveScan++ update, Reverse CTF fun, and DOM XSS
Monday, October 30
KPMG: Bug bounty programs - not just for Silicon Valley tech companies
Race Condition in Definition Votes [5 upvotes] - swag awarded for this report to Urban Dictionary by @cablej.
Leaking all Personal Details of all Zomato Users through an endpoint [19 upvotes] - $750 bounty for this report to Zomato by @prateek_0490.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Are we secure yet? - @jeremiahg
OTHER ARTICLES WE’RE READING
Security.txt: a method for web security policies, worth sharing again :)
ActiveScan++ can now detect blind Solr/Lucene injection leading to XXE+RCE
Reverse CTF fun, compliments of Jobert Abma
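The security.txt proposal linked above publishes a site's security contact and policy in a small line-oriented file at a well-known path. As an added illustration (not code from the original page, the linked post, or the security.txt project), here is a Python parser and sanity checker for that format. The sample file is constructed; the field names, the case-insensitive handling and the rule that Contact values should be mailto:, tel:, https: URIs or plain e-mail addresses are assumptions taken from the later drafts and RFC 9116 rather than from the newsletter text.

```python
"""Parse and sanity-check a security.txt body (added example, not from the page).

The format is line-oriented: '#' comments, blank lines, and 'Field: value'
lines. Field names are case-insensitive and may repeat (several Contact:
lines are normal). Field list and URI rules below are assumptions drawn from
the later security.txt drafts / RFC 9116.
"""
import re

# Constructed sample; the domain and addresses are placeholders.
SAMPLE = """\
# Security policy for example.com (constructed sample)
Contact: mailto:security@example.com
Contact: https://example.com/security/report
Encryption: https://example.com/pgp-key.txt
Acknowledgments: https://example.com/hall-of-fame
Policy: https://example.com/security-policy
Hiring: https://example.com/jobs
"""

FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z0-9-]*):\s*(.*?)\s*$")
CONTACT_RE = re.compile(r"^(mailto:|tel:|https://)|^[^@\s]+@[^@\s]+$")


def parse_security_txt(text):
    """Return a dict mapping lowercase field name -> list of values in file order."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # comment or blank line
        m = FIELD_RE.match(line)
        if not m:
            raise ValueError("malformed line: %r" % raw)
        name, value = m.group(1).lower(), m.group(2)
        fields.setdefault(name, []).append(value)
    return fields


def check_security_txt(fields):
    """Return a list of problems; an empty list means the file looks usable."""
    problems = []
    contacts = fields.get("contact", [])
    if not contacts:
        problems.append("no Contact: field; researchers have no way to report")
    for c in contacts:
        # Assumed rule: a contact is a mailto:/tel:/https: URI or an e-mail address.
        if not CONTACT_RE.match(c):
            problems.append("Contact value is not a usable URI or e-mail: %s" % c)
    # Assumed rule: link fields should point at https:// resources, since a
    # plain-http policy or PGP key could be tampered with in transit.
    for name in ("encryption", "acknowledgments", "policy", "hiring"):
        for v in fields.get(name, []):
            if not v.startswith("https://"):
                problems.append("%s: should be an https:// URL: %s" % (name.title(), v))
    return problems


if __name__ == "__main__":
    parsed = parse_security_txt(SAMPLE)
    for field, values in parsed.items():
        print(field, values)
    print("problems:", check_security_txt(parsed) or "none")
```

The checker is deliberately strict about transport: an Encryption: key or Policy: link served over plain HTTP gives an attacker a chance to swap in their own key, which defeats the point of publishing one.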
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: email@example.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Matthew Green's team "developed a sophisticated analytic technique called 'making a graduate student read every FIPS document on the CMVP website'." Using this technique, they noted that a number of vendors' documents contained language indicating that these keys were not being generated at each device startup.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.