Bug Bounty Radar

Have you heard about the daily bug bounty programs that invite programmers to find issues in the software or apps a company has developed? Today we’re going to talk about some of the best bug bounties offered to developers by big companies this monsoon.

These bug bounty programs are hitting the market right now. The companies offering these programs this year are as follows:

Aadhaar
Apple – Lockdown Mode
BKEX
ClickHouse
Monash University
Onfido
SideFX
ZBWeb

Lockdown Mode

Apple

Vulnerabilities in Apple’s anti-spyware technology can be disclosed via the Security Bounty Program. The technology is known as Lockdown Mode, which has been shown in its teaser. The rewards for finding vulnerabilities in this technology will be up to $2 million. Well, that’s a great deal!

Users will get Lockdown Mode in iOS 16, iPadOS 16, and macOS Ventura. It offers extreme protection for those who are facing grave threats related to digital security.

MONASH UNIVERSITY BUG BOUNTY

Monash University in Australia has launched a new bug bounty program. The program is aimed at strengthening its defenses against cyber-attacks affecting the education industry. Like Monash, many competitors have entered into such programs to upgrade their security logs instead of upgrading their promotional content.

AADHAAR BUG BOUNTY

India is not going to be left behind when it comes to upgrading technology related to online services. Security is a must whether you’re online or offline.

The brands have joined hands with each other to launch a bug bounty program for two new rewards for the digital identity market and those are:

Aadhaar is the biggest digital ID program, providing services to over 1.3 billion Indian residents. Those wishing to join this private bug bounty program can apply via the UIDAI website. However, there is a qualification requirement that needs to be fulfilled: candidates should be in the top 100 of bug bounty leaderboards such as HackerOne and Bugcrowd. However, if the attackers are listed in the bounty programs conducted by reputed companies such as:

  • Microsoft
  • Google
  • Facebook
  • Apple

Bug bounty programs in Aug 2022

A month ago, several bug bounty programs entered the market. Some of them are listed below.

Aadhaar and Apple – Lockdown Mode are covered above.

BKEX

Platform: HackenProof
Type: Public
Reward: $10,000

One of the biggest global digital asset trading platforms, offering more than 1,200 cryptocurrencies.

The company’s new bug bounty program covers a range of in-scope web attack vectors, including Remote Code Execution (RCE), SQL injection vulnerabilities, file inclusion, access control issues, Server-Side Request Forgery (SSRF), Cross-Site Request Forgery (CSRF), Cross-Site Scripting (XSS), and directory traversal.

Check out the BKEX bug bounty page for more details

ClickHouse

Platform: Bugcrowd
Type: Public
Reward: $2,500

An open source, column-oriented OLAP database management system that allows users to create analytical reports via SQL queries. The public program focuses on the open source version of the ClickHouse platform.

No technology is perfect, and ClickHouse believes that working with professional security researchers around the world is important to identifying vulnerabilities in any technology. ClickHouse is excited to have security researchers join in identifying weaknesses in its open source assets.

Monash University

Platform: Bugcrowd
Type: Public
Reward: $2,500

Monash University in Melbourne, Australia, has launched a public bug bounty program to help maintain the security of its digital portals.

Monash University’s web domain and mobile apps are among the in-scope targets. Several technologies used by the institute, including VPN and FileShare, are also on the radar.

Onfido

Platform: YesWeHack
Type: Private
Reward: TBD

Onfido, a digital identity verification company, has introduced a bug bounty program in partnership with YesWeHack, a European vulnerability disclosure platform.

Commenting on the partnership, Alex Valle, chief product officer at Onfido, said: “Security and compliance are essential to our mission of creating a more open world, where identity is the key to online access, and we are always looking for ways to strengthen this.”

Check out our earlier coverage for more details

SideFX

Platform: HackerOne
Type: Public
Reward: $3,500

SideFX is the Canada-based developer of Houdini, a 3D animation software used in film, TV, ads, and video games.

Only vulnerabilities discovered in the company’s main web domain, sidefx.com, are applicable under the terms of this new bug bounty program.

Check out the SideFX bug bounty page for more details

ZBWeb

Platform: HackenProof
Type: Public
Reward: $5,000

ZB.com is a global digital trading platform founded in 2013. It supports the exchange and management of digital assets all around the world.

In-scope web vulnerabilities include business logic issues, payment manipulation, RCE, SQL injection, access control issues, SSRF, CSRF, XSS, and other vulnerabilities with a “clear potential loss”.

Check out the ZBWeb bug bounty page for more details

As you can see, several companies are offering developers a chance to put their skills to work as professionals. You can join such programs to test your skills. Maybe you can be one of the lucky developers who become specialists at the big companies mentioned. Go for it now!
