Welcome to a new era for our CTF training platform 

Designed for a broad spectrum of cybersecurity enthusiasts, from Bug Bounty hunters to CTF champions, the latest iteration of Dojo is set to enhance the experience of creating and engaging with security challenges. With extended support for popular server-side programming languages like PHP, Python and Java, 

Dojo is your indispensable partner for mastering cybersecurity skills

We've rolled out a host of new features, designed to enhance your user experience and encourage greater participation:

: A user-friendly environment and easier navigation.

: A streamlined registration process for quicker access.

Expanded support for back-end vulnerabilities

: Greater flexibility in crafting challenges.

: Engage with challenges created by the community.

The Challenges section offers a more intuitive navigation system coupled with several useful new features.

You can now create challenges in a wider array of programming languages, including PHP, Python, Node.js and HTML, and choose the client-side rendering style that best suits your challenge. This flexibility is essential for designing realistic and engaging cybersecurity puzzles.

Mastering vulnerabilities through hands-on training

, accessible from the homepage, provides an in-depth exploration of various vulnerabilities. For instance, learn about 

 vulnerabilities, their underlying mechanics, and how different programming languages can influence their exploitation.

These practical exercises offer a hands-on approach to mastering the finding and exploitation of vulnerabilities. They also feature challenges that mimic common protection mechanisms.

Understanding how things work 'under the hood' is the most crucial aspect of hacking. 

Dojo offers a unique ability to see in real-time the effects of your actions and attempted attacks

, allowing you to understand what you're trying to achieve rather than blindly attacking. 

Combined with quick tips, clear explanations and code snippets, this makes Dojo an excellent launchpad for budding bug hunters.

Creating a challenge is now more intuitive and flexible. Start by setting up custom configurations and secrets with our startup code feature. Steps:

2. Fill in the challenge details, select the runner and click on 

3. Customise your challenge on the new page with various options.


4. Write the code to your challenge in the 


5. Fine-tune your filters and test their impact on inputs.

tab, you can modify the properties of that filter in the 

7. Test inputs in real-time and enhance challenge complexity with your added filters.


8. Congratulations, you have just created your first Dojo challenge!

Let's start with our very first Dojo v2 challenge: 

. In this challenge our goal is to escape the system command 

 which is running in the Python function 

). The input is then inserted into the Python variable 

, which is filtered one more time by using a short blacklist. The blacklist will stop the code and print 

 if our input contains any of the following characters : 

Now that we have a good understanding of how the code works and what filters are in place, we can start solving the challenge.

However, you are welcome to solve the challenge yourself without a walk-through and return to this article when you have solved it.

To test the WAF, we can simply make an input containing any of the characters the WAF is looking for and see the result:

Now we will instead use a valid value that the application expects to receive from the client:

The blacklist prevents us in various ways from escaping the 

 - but that doesn't mean it's completely safe. We can bypass the blacklist and WAF by specifying the values 

 command and then execute our inject system command. We will run the system command 

 to see if we can see the flag file in the folder we're located in.

Success! We were able to execute our own system command using 

 is within the same folder we are currently working in. Now we open the flag and solve the challenge!

Congrats! You have just earned your first flag and successfully solved the challenge 

Monthly DOJO challenges: A chance to shine

. This allows you to elevate your skills, compete with peers and earn rewards! Here's what you can expect when you manage to solve a Dojo challenge and submit a report:

Gain invitations to private Bug Bounty Programs!

Moreover, each challenge is an opportunity to showcase your skills and learn new ones!

The new Dojo platform offers a much better experience when creating challenges thanks to the new user interface and ability to choose from a wider range of programming languages, as well as the client-side rendering mode.

It therefore provides the opportunity to create more interesting challenges and a superior user experience for both creator and participants. The limitations are almost as good as gone and nothing will now stop you from creating even better challenges. We look forward to seeing the challenges that will now be created by the community.

If you are interested in creating your own monthly challenge for our hunters to tackle, 

Unveiling Dojo v2: Our new CTF and realistic challenge-building framework

Thirty-one valid vulnerabilities across five heavily pentested applications was a strong first-year return for our latest Bug Bounty success story.

Especially so, given that – in line with best practice – the client in question started small before expanding gradually.

Speaking at our recent ‘Client Success Stories’ event in Singapore, the cybersecurity chief at the global retailer of luxury goods recounted how its private Bug Bounty Program (BBP) had materially “enhanced security and increased compliance” and potentially prevented costly breaches.

“The ROI is easy to justify,” read his presentation slides at the Asia-Pacific (APAC) event in October.

The speaker, whose organisation chose to remain anonymous, recalled how in the year before launching the BBP they “received quite a lot” of bug reports via multiple channels. Some ethical hackers asked for financial rewards, but there was no mechanism or policy for paying for vulnerabilities.

The lack of a formal disclosure mechanism was clearly undermining the reporting, prioritisation and remediation of vulnerabilities.

The organisation already did extensive pentesting – “but I wanted to discover what I did not know”, said the head of cybersecurity.

 was duly put to senior management. As well as discussing the organisation’s risk profile and current security testing program, a killer question was posed: if we don’t pay $2,000 for a critical vulnerability now, what will be the cost of malicious exploitation?

The daily attacks mounted by malicious hackers against the organisation put any security concerns about the activities of ethical hackers in perspective. “It’s a matter of 

” attacks will sometimes succeed, he reflected.

With a pilot duly sanctioned, the security team consulted the IT and finance teams, and CIO and CTO, about choosing a crowdsourced security testing platform.

Among other things, they wanted help with budgeting and to compensate for their lack of internal resource and Bug Bounty experience; a program that would dovetail effectively with their internal pentest team; and access to experienced, highly skilled bug hunters.

YesWeHack impressed with its strong use cases, “good feedback from the CTOs I spoke to” and promises of extensive customer support, especially during onboarding. “They did everything I asked for,” said the speaker, “which is why we decided to work with them as a strategic partner.”

’s Bug Bounty case study and several other 

, having an in-house triage team really sealed the deal.

The decision to use YesWeHack was soon vindicated. The program was “super easy to get started”, while the customer-centric support was singled out for praise. The customer success and triage teams did the “heavy lifting” – enabling the busy BBP manager to adopt a fairly hands-off approach to program management.

The manageably modest scope and bug hunter roster left enough time for experimenting and optimising of security testing.

The first critical bug surfaced after 16 days. As the process was gradually optimised, critical bounties were upped from $2,000 to $3,000 after four months, scopes were increased from three to five after six months, and hunter numbers rose from an initial 21 to 222 by the end of the first year.

 was launched in tandem to cover out-of-scope issues.

The first year saw 44 vulnerability reports submitted in total on the pentest-hardened scopes. Some 31 were deemed valid, with 25 warranting a payout. Three vulnerabilities were classified as critical, and a further six were designated as ‘high’ severity. Total rewards so far had reached $15,500, averaging $620.

A $3,000 maximum payout was earned through the discovery in a developer’s GitHub account of a file containing credentials that could have enabled the compromise of internal systems, recounted the speaker.

Another notable and lucrative find – netting the hunter a $2,000 bounty – was a firewall-bypassing remote code execution (RCE) on an API endpoint using Spring Expression Language SpEL.

Bug Bounty hunting can achieve results that are typically elusive to pentesters, said the speaker, because they operate with “no limitations” and offer “multiple testing methodologies from many, many people”.

The speaker also reasoned that, because bug hunters are not (unlike pentesters) whitelisted by firewalls, it forces them to be more creative in bypassing defences. Necessity is indeed the mother of invention.

Nevertheless, the client still saw the value in continuing with traditional pentesting engagements. YesWeHack’s 

The speaker suggested that a Bug Bounty Program’s success hinges on having sufficient platform support and securing internal buy-in by communicating about the Bug Bounty model in an easy-to-understand way. For all the promise of BBPs, he also advises other program managers to carefully manage the expectations of both internal and external stakeholders.

Nevertheless, in this case study expectations were comfortably surpassed. So much so, that the speaker said the ultimate goal was to launch a public program and open the scopes to the entire YesWeHack 

Ready to enhance your company's security and prevent costly breaches? 

Connect with our experts today to launch a Bug Bounty Program

'ROI is easy to justify’: Bug Bounty success story from a luxury goods retailer 

YesWeHack is proud to reveal we are now CREST-accredited for penetration testing services delivered in Asia and EMEA (Europe, Middle East and Africa).

This means our penetration testing services are compliant with stringent, internationally recognised requirements – giving customers strong assurance regarding our technical expertise, competence and professional values.

To become a member of CREST, YesWeHack had to undergo a rigorous accreditation processes covering the policies, processes and competencies involved in delivering pentest-related services.

Membership criteria covers four key areas: operating procedures and standards, personnel security and development, approach to testing and response, and data security.

Among other things, CREST scrutinised our information security certifications, quality management system, contract management, insurance policies, compliance with relevant legislation and our complaint-handling process. YesWeHack provided references from existing customers as part of the process.

The CREST seal of approval gives customers peace of mind about our competence and adherence to the highest professional and ethical standards. Using CREST-accredited providers can sometimes even be a prerequisite to securing commercial contracts, or at least offer a competitive advantage.

These advantages apply regardless of which regions your organisation operates in, since CREST accreditation is recognised and valued around the world.

CREST continually reviews and refines its assessment methods and criteria to reflect evolving threats, technology and best practices, while YesWeHack must demonstrate compliance annually through the membership renewal process.

listed with over 300 CREST-accredited providers

announcement that our Information Security Management System (ISMS) is now officially compliant with ISO/IEC 27017

 – a globally recognised standard for cloud security controls.

Miguel Ania Asenjo, chief information security officer (CISO) at YesWeHack, comments: “CREST membership is a global gold standard within the cybersecurity industry. Together with our latest ISO certification, YesWeHack’s new status as a CREST-accredited provider of pentest services gives customers strong assurance of our ongoing efforts to achieve the highest possible standards of technical competence, data security and professional values.”

“CREST is delighted to welcome YesWeHack as an accredited member company for its penetration testing services,” said Rowland Johnson, president of CREST. “This accreditation provides customers with valuable assurance that the company constantly delivers the highest security services standards.”

 is an international, not-for-profit accreditation and certification body representing the technical information security industry. Founded in the UK in 2006, it now has regional chapters covering the Americas, Asia, Australasia and EMEA.

Centred on four values – capability, capacity, consistency, collaboration – it provides certifications to both organisations and cybersecurity professionals, and engages with governments, regulators and cybersecurity companies worldwide to drive higher industry standards.

 page to find out more about how we strengthen our security and data privacy posture. This includes, among other things, our commitments to GDPR-compliance, state-of-the-art encryption, a secure-by-design model, a zero-trust network and maintaining our 

YesWeHack announces CREST accreditation for pentesting services

Festive Dojo challenge #29: SantaLock winners revealed!

Choosing the right Bug Bounty platform is obviously a pivotal factor in how your organisation fares in its first foray into crowdsourced security testing.

From designing your program rules and selecting testers to handling incoming reports, your platform plays a key role in whether your programs meet and exceed your expectations.

However, your stakeholders – from product owners to development and cyber teams – must also understand and execute their own obligations effectively to maximise your return on investment.

Here are nine key ways you and your teams can ensure the success of your Bug Bounty Program – and how YesWeHack can support you in doing so.

#1 Your teams must understand their roles and responsibilities

The most involved teams will of course be your security team – notably in crafting and finetuning the scopes and rewards grid, liaising with our triage team and validating incoming reports – and developers, who apply fixes using our hunters recommandations and help if needed. Cyber teams will learn new attack methods and threats in the process, while devs will also benefit from the lessons in secure development by the hunters. 

The most advanced programs might "also need your DevOps, SOC and pentesting functions to provide testers with credentials for grey-box testing, or accept and accommodate them conducting tests on “production environments, during off-hours and without a contract,” 

according to Yann Desevedavy, Bug Bounty program manager at Orange France.

Your legal team will be involved during the pre-sales cycle, so better onboard them as soon as you're decided to move forward! Obviously a program manager must be appointed, liaising between your internal resource and the bug bounty platform.

If your program goes public, your communication team (supported by YesWeHack) can promote your initiative as a competitive differentiator – demonstrating your transparency and commitment to security.

Finally, even your recruitment team can leverage Bug Bounty, since application security is an increasingly sought-after skill in the highly competitive jobs market for developers and security professionals.

A dedicated program manager must be appointed from within the security team with the time and capabilities to regularly review bug submissions, keep the program running smoothly and liaise with other teams or departments internally when needed.

Additionally, a back-up program manager should be available when the primary manager is on leave.

The program managers need not be overawed: 

, managing a well-crafted, triaged program needn’t be time-consuming – YesWeHack provides a “fully managed” approach that enables clients to focus on remediation and approving bounties.

#3 A clear, detailed, up-to-date program brief

Your program brief comprises background information about your organisation, program rules, scopes, rewards grid, qualifying and non-qualifying vulnerabilities, and other specific testing requirements like how researchers can get credentials for the purpose of grey-box testing.

The rules should be concise yet sufficiently detailed and leave no room for misinterpretation. This cannot be understated. Vague, incomplete or out-of-date rules can lead hackers to waste time (yours and theirs) asking clarificatory questions – or simply abandon your program in frustration.

Periodic additions of new scopes, qualifying vulnerabilities or increased rewards can sustain or increase researcher engagement and further harden your assets.

Here again, our fully managed service does most of the hard work.

Withings Security Engineer Loic Deleforterie has 

 writing the program brief as the trickiest Bug Bounty challenge of all, but said YesWeHack’s world-class support team “allowed us to get our program out quickly”.

Few things are more critical to a program’s smooth operation than a low-friction triage process – something thankfully provided by YesWehack’s optional in-house triage team. Our 

 triage service, which eliminates duplicate reports, validates bugs, reproduces Proofs of Concept, sets severity and communicates with hunters, frees your team to focus on remediation and improving and expanding the program.

said George Medhurst, program manager for Norway-headquartered global risk management giant DNV

, in relation to YesWeHack’s in-house triage service. “We’ve shown our technical support teams for software products how they deal with things. We’ve learned a lot – for free,” added Medhurst.

But if your team decides to handle triage themselves, you should similarly ensure they’re staffed accordingly so that reports are processed efficiently and hunters are kept informed of their progress.

#5 Transparent reward and payment process 

Slow payment of bounties, underpriced bounties (because severity is set incorrectly) or unjustified rejection of bugs (for instance because of erroneous designations as invalid or duplicates) are, unsurprisingly, a recipe for researchers eschewing your program (even after it migrates to a different platform) and warning their peers to do likewise.

Fortunately, YesWeHack invests heavily in our triage and customer success teams to ensure swift vulnerability assessment, accurate severity ratings and prompt bounty payments.

Your security team should play their part too, by clearly communicating payment processes and managing expectations around timelines for approving, fixing and paying out for vulnerabilities – all things our team can help you with when drafting the program rules.

#6 Integration with internal remediation processes – including your bug tracking tools

Seamless handover of reports to your IT teams for remediation is key to a successful Bug Bounty Program, since it reduces time-to-fix and streamlines your bug management process.

More specifically, a disconnect between your Bug Bounty Program and internal bug tracking tools or processes can create friction that slows down remediation.

YesWeHack’s connectors can integrate bug reports with your security tools – including GitHub, Gitlab, ServiceNow and Jira – to ensure you can instantaneously push bugs, once validated, to your dev team.

Custom integrations through our API can also automate your workflows and help you avoid manual, time-consuming tasks.

Shared ownership of crowdsourced testing brings security and IT development teams together early in the development process, building a collaborative, win-win approach.

Unlike siloed operations that cause friction and misalignments between teams, Bug Bounty can empower teams by increasing their security awareness and unifying their objectives.

The YesWeHack platform facilitates this shared ownership paradigm through built-in collaboration and integration features. Vulnerability reports are accessible and easily trackable from a unified interface, while cyber and dev teams can directly interact with, and learn from, testers. This creates greater security awareness generally and specific, teachable lessons for secure software development.

The upshot is security-conscious developers introducing fewer vulnerabilities early in project lifecycles, and an agile, security-first approach to the development process.

Avoid the frustration of having to pause your program because your wallet is empty, by informing your customer success manager of your budget limitations at the outset. YesWeHack can help you design your program accordingly.

So if you have a strict budgetary ceiling, don’t worry – YesWeHack can help you manage your program to ensure you get the best possible results without ever exceeding your budget.

Nevertheless, it’s always wise to have a plan in place with your finance and/or procurement team in case additional funds are needed during the contract.

#9 Start small, but ultimately target maximum coverage

We always advise customers to start off with a single scope or small number of “modest” scopes, before gradually expanding the program as they gain confidence and become accustomed – with YesWeHack’s guidance – to the crowdsourced security testing model.

Starting with too much attack surface can uncover more vulnerabilities than IT has capacity to remediate – which also creates a headache for the security team. That’s why our customer success team ensures each program (especially an organisation’s first program) meets the client’s unique requirements around security, budget (see above) and remediation capacity.

Nevertheless, the inherent cost-effectiveness of our approach makes eventually subjecting your entire attack surface to testing by tens of thousands of hunters an achievable (and often, desirable) goal. Periodic additions of fresh scopes also helps maintain the continuing engagement of hunters.

Yann Desevedavy advises organisations to “start small but start as soon as possible”.

 For Orange France, comprehensive coverage became the ultimate goal. Given “the thoroughness of the hunters’ testing and the cost-effectiveness of the program, it became clear that we needed to include our entire internet-exposed surface,” said Desevedavy.

Ready to implement a successful first-time Bug Bounty Program in your organisation? 

Connect with our Bug Bounty expert today and take the first step towards enhanced cybersecurity.

9 rules for a successful first-time Bug Bounty Program

YesWeHack’s Information Security Management System (ISMS) is now officially compliant with ISO/IEC 27017 – a globally recognised standard for cloud security controls.

The certification builds on our conformance, since 2022, with ISO/IEC 27001, the definitive standard for implementing an ISMS that enhances protections against cyber threats and vulnerabilities.

We are also delighted to announce that our Singapore office, opened in 2019, is now covered by these certifications. This means our entire ICT infrastructure and all global sites – also in Paris, Rennes and Rouen – are certified as compliant.

What ISO/IEC 27017 certification means for our customers

ISO/IEC 27017 comprises security controls that help organisations address the risks that may arise from their use or delivery of cloud-based services. This InfoSec framework provides cloud-based guidance on 37 controls detailed in ISO/IEC 27002, as well as seven new controls.

Compliance with ISO/IEC 27017 certifies that YesWeHack has successfully implemented advanced information security controls for cloud-based services, whether used internally or delivered to clients and hunters. It also demonstrates we can provide customers with the information and technical support necessary to meet their information security requirements, such as with our services’ shared responsibility model.

Our latest certification strengthens trust in our services – a foundational goal for YesWeHack – and helps customers achieve or maintain their own compliance with ISO/IEC 27017.

We achieved compliance with ISO/IEC 27017 following rigorous risk and compliance assessments, which enabled us to enhance our control framework, then an audit by a third-party certification body. Ongoing certification will be maintained via annual audits and renewed at least every three years.

Our latest certificates and statements of applicability for ISO/IEC 27001 andISO/IEC 27017 can be provided on demand.

“Compliance with ISO/IEC 27017 is a major milestone that further bolsters our security posture and helps to vindicate the trust our customers place in us,” comments 

, Chief Technology Officer (CTO) at YesWeHack. “But that’s not the end of the journey. Compliance, in line with our ethos, is a continuous process – requiring continuous vigilance, continuous evaluation and continuous improvement.”

 to find out more about how we strengthen our security and data privacy posture. This includes, among others, sections on GDPR-compliance, state-of-the-art encryption, a secure-by-design model, a zero-trust network and a YesWeHack-focused Bug Bounty program.

In related news, we’ve also become a certified member of CREST. Stay tuned for another blog post next month explaining how our pentest services are compliant with stringent, best-practice security requirements.

YesWeHack secures ISO/IEC 27017 certification to boost trust in our cloud-based services

“If I’m a hunter, is this worth my time and effort?”

Rather than overreacting to the “modest” level of hunter activity at the outset of 

, who oversees the assurance and risk management specialist’s BBP, took the perspective of an ethical hacker – to impressive effect.

’ event in Stockholm, Medhurst told senior security professionals in the Nordic region how tweaks to the program description and more hunter invites – increased to 80 from an initial 20 – sparked a surge in reports.

And these were generally high-quality reports too, especially from a prolific hunter who the DNV team dubbed ‘Wreck it Ralph’. “How clear he was with his reports, the intelligence behind it”, and so many ways of escalating privileges, said Medhurst – “we laughed at his ingenuity”.

At the time of speaking, Medhurst, DNV’s Head of Program Management and Testing, Digital Solutions, said the pilot program had generated 55 vulnerability reports, of which 24 warranted a payout – collectively totalling €9,000. A great return on investment, Medhurst concluded.

After a modest beginning, these numbers had been achieved within 18 months of launch, which in turn came only six months after Medhurst became aware (via a pentester) of Bug Bounty. “The concept resonated with me immediately,” he recalled.

Before committing to YesWeHack, concerns about budgetary constraints and securing sign-off from decision-makers were soon allayed by the enthusiasm of DNV’s development team and assurances from YesWeHack – which we subsequently lived up to.

For instance, YesWeHack provided “a lot of handholding and guidance” on assessing scopes and suggested they weren’t attractive enough when incoming bugs began as a trickle.

When reports really started to flow, the triage team worked efficiently to avoid blockages and help developers prioritise the most critical vulnerabilities. “I think it’s world class,” Medhurst said of the in-house triage service. “We’ve shown our technical support teams for software products how they deal with things. We’ve learned a lot – for free.”

Guided by YesWeHack, the vulnerability management process has become increasingly streamlined too, added Medhurst.

DNV, a global brand headquartered in Norway, has derived benefits beyond each remediation’s closure of a single attack vector. They sometimes create automated tests for specific vulnerabilities, for instance.

Supported by an internal ‘security champions’ network, sharing hunters’ findings with developers and pentesters has also made development more secure and improved security testing – in effect creating a positive “feedback loop”, noted Medhurst.

DNV, which is also the world’s largest classification society for the maritime sector, is currently working on strengthening this feedback loop, adding two programs to the existing three and introducing maturity KPIs.

Success factors for the pilot were getting “funding principles in place straightaway, getting buy-in from developers and senior management, and having a strong relationship with the CSM and triage team”, said Medhurst.

In case your program does start strongly – and DNV’s latest BBP began with eight reports on day one – Medhurst advised attendees to “be ready to respond” when you go live.

He also suggested there was more to attracting hunters than offering enticing scopes and bounty grids. “Relationships matter,” said Medhurst, with speed of response, clarity of communication and fairness of rewards pivotal to building trust.

Finally, as we pointed out in a recent article that 

, budgetary constraints needn’t be a dealbreaker when considering whether to launch a BBP. “Don’t worry about running out of budget,” advised Medhurst. “Go with whatever budget you’re willing to invest and you’ll be pleasantly surprised!”

Explore the benefits of a Bug Bounty program for your organisation with our team of experts! 

Quantity AND quality

'A lot of handholding'

Positive feedback loop

"Triage was world class": Bug Bounty success story from risk-management giant DNV 

In the spirit of festive fun, we're excited to unveil the YesWeHack Advent Calendar, brimming with surprises, Christmas-themed trivia and insightful Bug Bounty tips and highlights. Best of all: we've packed it with a variety of challenges, catering not only to our dedicated hackers but to all our cherished followers. Don’t worry, dear hackers, a separate, special DOJO challenge, exclusively designed for you, awaits its grand reveal on December 24th.

Let the countdown to Christmas begin with a blend of fun and thrilling challenges!

In the meantime, let us introduce you to the YesWeHack Advent Calendar game rules!

 7 of the 24 Advent calendar squares will reveal an Advent Calendar Game challenge.

 Points will be awarded to the first 3 participants to correctly complete each challenge. The number of points awarded for each challenge may vary and will be announced at the time of each challenge.

 After the final challenge, the 3 participants with the highest number of points accumulated from all the Advent Calendar Game challenges will win prizes.

Challenges will be posted on YesWeHack's Twitter and LinkedIn accounts.

Participants should submit their responses as comments on the challenge posts on LinkedIn or Twitter.

The first 3 participants to answer each challenge correctly on either platform will win the points allocated for that challenge.

 Nintendo Switch Lite + Rains x YesWeHack Weekend Bag + YesWeHack Full Swag Pack

 Logitech G PRO X Gaming Headset + Rains x YesWeHack Weekend Bag + YesWeHack Full Swag Pack

The YesWeHack Blog

Unveiling Dojo v2: Our new CTF and realistic challenge-building framework

'ROI is easy to justify’: Bug Bounty success story from a luxury goods retailer

YesWeHack announces CREST accreditation for pentesting services

Unveiling Dojo v2: Our new CTF and realistic challenge-building framework

Festive Dojo challenge #29: SantaLock winners revealed!

9 rules for a successful first-time Bug Bounty Program

YesWeHack secures ISO/IEC 27017 certification to boost trust in our cloud-based services

Festive Dojo challenge #29: SantaLock winners revealed!

"Triage was world class": Bug Bounty success story from risk-management giant DNV

Introducing the YesWeHack Advent Calendar: 24 Days of Challenges and Festive Fun!

Busting Bug Bounty misconceptions

"Triage was world class": Bug Bounty success story from risk-management giant DNV

Don't wait for threats to strike

Produits

Chercheurs

Ressources

A propos

Suivez-nous