Bug Bounty

PostgreSQL Database Exfiltration through the abuse of PostgREST requests

by Samuele Gugliottain bug-bounty,security-testing,ethical-hacking,writeup

Full Account Takeover of ANY user via Insecure Direct Object Reference (IDOR) on reset password functionality

by Samuele Gugliottain bug-bounty,security-testing,ethical-hacking,writeup

BitNinja bug bounty program launched on our platform a few days ago, so far more than 100 ethical hackers have joined. Why the ethical hackers like this program? What are the most important factors in building up your bug bounty program?

by Balazs Poznerin bug-bounty,security-testing,ethical-hacking,hackrate

The purpose of the next few lines is to give some tips for those who just started diving into hacking. The topic is divided into two parts. Firstly, I would like to present one way to build an elementary knowledge base; then, I’ll give you an idea of how you can use it in bug bounty.

by Balazs Poznerin bug-bounty,ethical-hacking,getting-started

How can I measure the security level of our IT systems? Should I change our pentester company every year? Where should I store the results of pentest reports? Are these questions familiar to you? If so, keep reading.

by Balazs Poznerin bug-bounty,ciso,security-testing,ethical-hacking