bug bounty
The DHS is inviting hackers to break into its systems, but there are rules of engagement
The United States Department of Homeland Security (DHS) is inviting security researchers to uncover vulnerabilities and hack into its systems, in an attempt to better protect itself from malicious attacks. The DHS ...
Searching for Bugs in Open Source Code
Let’s dispel the myth first: Open source software isn’t any less secure than closed source software. However, once a vulnerability is found in an open source program, it tends to be much ...
Security Boulevard
Show-Me State Governor Threatens Reporter Who Showed Vulnerability
When the state of Missouri put up a website to allow parents of Missouri schoolchildren to check the credentials of their teachers, the teachers’ names, school affiliations and credentials were visible in ...
Finding Sensitive Data Leaks In Code Using ShiftLeft CORE
Getting started with a source code review using ShiftLeft CORE. Performing a source code review is one of the best ways to find security issues in an application. But ...
US Offers Bounty for Tips on State-Sponsored Cybercrime
Last week, the Biden administration announced a ‘new’ Rewards for Justice program offering up to $10 million USD for information relating to those who create and perpetuate ransomware attacks against U.S. infrastructure ...
XStream Vulnerabilities — Detection & Mitigation
Looking at RCEs in the XStream Java library and how you can prevent them. Introduction: XStream from ThoughtWorks is a simple library to serialize and deserialize objects in XML and JSON format ...
What the Van Buren Case Means For Security Researchers
Mark Rasch | black hat hackers, bug bounty, Cyberlaw, cybersecurity research, gray hat hacker, Van Buren, white hat hackers
The federal computer crime law prohibits “computer trespass.” This includes both “accessing” a computer without authorization, and “exceeding the scope of authorization” to access a computer. If these terms seem vague and ...
Katie Moussouris – Coordinated Vulnerability Disclosure and the Problem with Bug Bounty Platforms
TechSpective Podcast Episode 067. Vulnerabilities are everywhere and they will not be going away. That means they need to be researched and discovered and addressed. But, what is the right way to ...
Human and Software Flaws Leave Remote Workers Vulnerable
Last year was challenging for all of us, both as companies and as individuals. We had to adapt to new norms, including the shift to remote work and increased dependence on the ...
Bugcrowd Report Shows Marked Increase in Crowdsourced Security
George V. Hulme | broken access controls, bug bounty, cross-site scripting, crowdsourced security, iot, mobile devices, Vulnerabilities
The impact of the novel coronavirus pandemic on how enterprises work—and secure their workers and data—will last for years. And while the long-term ramifications are yet to be known, a recent survey ...