Hacking, AppSec, and Bug Bounty newsletter
2017-10-30 | ActiveScan++ update, Reverse CTF fun, and DOM XSS
KPMG: Bug bounty programs - not just for Silicon Valley tech companies
Race Condition in Definition Votes [5 upvotes] - swag awarded for this report to Urban Dictionary by @cablej.
Leaking all Personal Details of all Zomato Users through an endpoint [19 upvotes] - $750 bounty for this report to Zomato by @prateek_0490.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
TWEET OF THE DAY
Are we secure yet? - @jeremiahg
OTHER ARTICLES WE’RE READING
Security.txt: a method for web security policies, worth sharing again :)
ActiveScan++ can now detect blind Solr/Lucene injection leading to XXE+RCE
Reverse CTF fun, compliments of Jobert Abma
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
Get this email forwarded to you? Click here to subscribe to the Zero Daily
Matthew Green's team "developed a sophisticated analytic technique called 'making a graduate student read every FIPS document on the CMVP website'." Using this technique, they noted a number of vendors had language indicating these keys were not being generated at each device startup.