The Ethical Hacker Network - Websites that offer money for bugs.

Latest Additions

Who's Online

Jamie.R

Sr. Member

Offline

Posts: 429

Websites that offer money for bugs.

« on: September 17, 2012, 03:42:03 AM »

Hi All,

I have not seen post like this but it would be cool to have list sites that offer a bounty for any bugs you find.

http://www.etsy.com/help/article/2463

Please post any others..


	Logged

OSWP | Hackingdojo Nidan | eCPPT

m0wgli

Full Member

Offline

Posts: 248

Re: Websites that offer money for bugs.

« Reply #1 on: September 17, 2012, 03:53:38 AM »

The following covers most of the major ones I'm aware of, although it doesn't include PayPal:

http://blog.bstpierre.org/bug-bounty-programs

There's also crowd sourced testing platforms such as:

https://www.hatforce.com/services

https://hackaserver.com/

http://www.utest.com/


« Last Edit: September 17, 2012, 04:44:49 AM by m0wgli »	Logged

Security + | OSWP | eCPPT | CSTA

sh4d0wmanPP

Newbie

Offline

Posts: 42

Re: Websites that offer money for bugs.

« Reply #2 on: September 17, 2012, 05:06:38 AM »

I researched this a few years ago and it can be lucrative if you are well skilled at finding vulnerabilities.

Does VUPEN still buys exploits? Could not find it on their site. I only seen vacancies.

I am mostly interested in in the OS/application layer so incentives for website issues not work for me. If anybody knows more companies like VUPEN and ZDI please post.


	Logged

EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP

UNIX

Hero Member

Offline

Posts: 1235

Re: Websites that offer money for bugs.

« Reply #3 on: September 17, 2012, 05:23:20 AM »

Quote from: sh4d0wmanPP on September 17, 2012, 05:06:38 AM

If anybody knows more companies like VUPEN and ZDI please post.

Another one would be Exodus Intelligence.


	Logged

Jamie.R

Sr. Member

Offline

Posts: 429

Re: Websites that offer money for bugs.

« Reply #4 on: September 19, 2012, 03:43:58 AM »

cool thanks for the links any others


	Logged

OSWP | Hackingdojo Nidan | eCPPT

MaXe

Hero Member

Offline

Posts: 669

I've just upgraded myself to a cyborg muahahaa!!1

Re: Websites that offer money for bugs.

« Reply #5 on: September 22, 2012, 02:12:49 AM »

Quote from: m0wgli on September 17, 2012, 03:53:38 AM

uTest is a bad choice, even to refer. They send extreme amounts of e-mail and the projects are based on "who found the bug first" in an unrealistic way even when you most likely found the bug first, but as someone found a bug that may look similar to yours, the uTest staff may say it's the same, meaning you don't get paid. Plus their way of reporting is unreasonable and strange, unless they changed it.

I was signed up for a long time, and never received a security test, except some mobile app project which I wasn't interested in I think. The problem is, you have to do all sorts of crappy projects before you can get any normal projects.

With HatForce, that has a project every now and then, at least you get the jobs that are listed on the site. (Plus it's generally, a lot better and more relaxed there. I only wish they had a lot more projects. But using crowd-sourced penetration testers, is not easy when it comes to getting companies signing a contract.)