Friday, July 20
TOP STORY
Burp Suite wants to know what you think the top 10 web hacking techniques of 2017 are. Nominations open. Kudos to them for picking up the banner from @jeremiahg. See the post for 34 links to the current nominations.
HACKTIVITY
Malformed .BSP Access Violation in CS:GO can lead to Remote Code Execution [78 upvotes] - $12,500 bounty for this report to Valve by @chippy.
Path Traversal on Default Installed Rails Application (Asset Pipeline) [29 upvotes] - $1,500 bounty for this report to Ruby on Rails by @orange.
OTHER ARTICLES WE’RE READING
House and Senate request a follow-up on Spectre and Meltdown in a letter to CERT, specifically related to the Coordinated Vulnerability Disclosure process.
Microsoft launched Identity Bounty program. Payouts range from $500 to $100,000. The program “places a premium on security research into this critical technology that powers both consumer and enterprise services.”
Report of the DOJ’s Cyber Digital Task Force was released at the Aspen Security Forum. Some highlights from Politico: The report includes the first public description of how the DOJ will assess and respond to foreign influence operations and also reviews “encryption and other technological impediments to accessing investigative data”.
The Congressional Research Service published a list of helpful links and reports on cybersecurity data, statistics, and terms.
A list of Base64 prefixes to watch out for, by @tomnomnom.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: zerodaily@hackerone.com
Get this email forwarded to you? Click here to subscribe to the Zero Daily
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.