.

Websites that offer money for bugs.

<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Sep 17, 2012 3:42 am

Websites that offer money for bugs.

Hi All,

I have not seen post like this but it would be cool to have list sites that offer a bounty for any bugs you find.

http://www.etsy.com/help/article/2463


Please post any others..
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

m0wgli

User avatar

Sr. Member
Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Mon Sep 17, 2012 3:53 am

Re: Websites that offer money for bugs.

The following covers most of the major ones I'm aware of, although it doesn't include PayPal:

http://blog.bstpierre.org/bug-bounty-programs

There's also crowd sourced testing platforms such as:

https://www.hatforce.com/services

https://hackaserver.com/

http://www.utest.com/
Last edited by m0wgli on Mon Sep 17, 2012 4:44 am, edited 1 time in total.
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
<<

sh4d0wmanPP

Newbie
Newbie

Posts: 42

Joined: Sat Aug 11, 2012 6:42 am

Post Mon Sep 17, 2012 5:06 am

Re: Websites that offer money for bugs.

I researched this a few years ago and it can be lucrative if you are well skilled at finding vulnerabilities.

Does VUPEN still buys exploits? Could not find it on their site. I only seen vacancies.

I am mostly interested in in the OS/application layer so incentives for website issues not work for me. If anybody knows more companies like VUPEN and ZDI please post.
EXIN ISO/IEC 27002: ISF & ISMAS, ITIL Foundation, Comptia Security+, CCNA, CCNA Security, Wip: OSWP
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Mon Sep 17, 2012 5:23 am

Re: Websites that offer money for bugs.

sh4d0wmanPP wrote:If anybody knows more companies like VUPEN and ZDI please post.


Another one would be Exodus Intelligence.
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Wed Sep 19, 2012 3:43 am

Re: Websites that offer money for bugs.

cool thanks for the links any others
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sat Sep 22, 2012 2:12 am

Re: Websites that offer money for bugs.

m0wgli wrote:The following covers most of the major ones I'm aware of, although it doesn't include PayPal:

http://blog.bstpierre.org/bug-bounty-programs

There's also crowd sourced testing platforms such as:

https://www.hatforce.com/services

https://hackaserver.com/

http://www.utest.com/



uTest is a bad choice, even to refer. They send extreme amounts of e-mail and the projects are based on "who found the bug first" in an unrealistic way even when you most likely found the bug first, but as someone found a bug that may look similar to yours, the uTest staff may say it's the same, meaning you don't get paid. Plus their way of reporting is unreasonable and strange, unless they changed it.

I was signed up for a long time, and never received a security test, except some mobile app project which I wasn't interested in I think. The problem is, you have to do all sorts of crappy projects before you can get any normal projects.

With HatForce, that has a project every now and then, at least you get the jobs that are listed on the site. (Plus it's generally, a lot better and more relaxed there. I only wish they had a lot more projects. But using crowd-sourced penetration testers, is not easy when it comes to getting companies signing a contract.)
Last edited by MaXe on Sat Sep 22, 2012 2:14 am, edited 1 time in total.
I'm an InterN0T'er
<<

Jamie.R

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Mon Aug 06, 2012 9:57 am

Location: UK

Post Mon Sep 24, 2012 4:06 am

Re: Websites that offer money for bugs.

Thanks for the info
| OSWP | eCPPT Silver and Gold | eWPT |

I'm an InterN0T'er

Return to Web Applications

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software