 consisted of understanding the principle of JS hoisting mechanism and bypassing the security to execute a function in order to recover the flag. This DOJO was created by one of our community members. Thanks to him for this great challenge!

 You want to create your own DOJO and publish it? Send us a message on 

We are glad to announce the #14 DOJO Challenge winners list.

The best writeups reports were submitted by: 

 feeds to be notified of the upcoming challenges.

Read on to find the best write-up as well as the challenge author’s recommendations.

We all know how prototype works, but, is this really a proto here?

We asked you to produce a qualified write-up report explaining the logic allowing such exploitation. This write-up serves two purposes:

Determine the contestant ability to properly describe a vulnerability and its vectors inside a professionally redacted report. This capacity gives us invaluable hints on your own, unique, talent as a bug hunter.

‘sreport was well detailed and really useful to understand the logic of this challenge. All the steps are clearly explained and it’s very useful for everyone to understand how he went about solving this DOJO.

‘s were also very nice, we’re sorry can’t publish them all because that’s where you clearly witness the outstanding creativity of our community.

. The Javascript [2] that was running on the page generated a flag that was hidden.

 [3] with the task of printing out the flag to the page.
The 

 [4]. The Javascript code had not defined the variable “

 wasen’t executed. This method keeped the flag hidden.

The user has the ability to input a value into the “

“. The user can also execute Javascript by inserting a semicolon (;) that ends the value of “

” and gives the advantage to craft custom Javascript code to gather the hidden flag. However the variable “

 by the original Javascript code before the 

The problem is that Javascript has a process that allocates memory for variable and function declarations prior to execution of the code. This means that Javascript has the “

” variable in it’s memory by it’s default value (“

 [5] which creates a vulnerability inside the Javascript code. This is because the user is able to 

 will execute and expose the hidden flag to the user.

The vulnerability is possible because Javascript’s Hoisting prior to execution of the code.

When the attacker change the value of “

” and break out with the semicolon to execute custom Javascript in the code. The following payload 1337;function/**/showFlag(){} will set the “

When the Javascript code has done it’s Hoisting process it’s then executing the code. Since the variable “

 will run sucessfully and expose the hidden flag.

The image below shows the process, exploitation and the exposed flag.

The impact of this vulnerability is that an attacker is able to break out from the user input and execute custom crafted Javascript which leads to an XSS. By using this ability the attacker is able to exploit the Hoisting process that Javascript do before the code is executed.
This leads to the flag being exposed to the attacker.

https://portswigger.net/web-security/cross-site-scripting

https://developer.mozilla.org/en-US/docs/Learn/JavaScript/First_steps/What_is_JavaScript

https://www.w3schools.com/js/js_if_else.asp

 – *W3 Schools, “JavaScript if else and else if”

https://www.w3schools.com/js/js_variables.asp

https://developer.mozilla.org/en-US/docs/Glossary/Hoisting

DOJO CHALLENGE #14 Winners!

● As one of Indonesia’s leading e-wallet, DANA provides an open platform infrastructure for payments, which allows all users, both merchants and consumers, to make non-cash and non-card transactions.

’s over 30,000 global security researchers will now be able to participate in the public program to identify potential vulnerabilities in the DANA e-wallet.

– one of Indonesia’s leading fintech organisations, to secure DANA’s e-wallet and discover vulnerabilities typically missed in traditional security audits. A young tech-savvy generation is accelerating seamless digital payment experiences in Indonesia. Apart from convenience, access to technology is helping some of the previously unbanked population get access to financial services that were not possible just a few years ago.

DANA provides an open platform infrastructure for payments, which allows all users, both merchants and consumers, to make non-cash and non-card transactions easily, safely and efficiently in one application. The number of DANA’s e-wallet users increased from 40 million before the pandemic to 80 million in mid-August this year.

 “Powering the Acceleration of Digital-First Experiences”

 highlighted that seventy-eight percent of Indonesians prefer e-wallets due to the speed of transactions and convenience. Indonesia’s central bank, Bank Indonesia,

 in its report that the amount of digital transactions was US$9.2 billion during the first half of 2021. This was a 41 percent increase compared to the same period last year.

As digital innovations make the world a faster, better, and much more efficient place to work and live, businesses need to be transparent with their users. The focus is shifting towards security threats and how best to handle them. In a survey conducted in 2019 within the Asia Pacific region by

, 58.7 percent of the surveyed small businesses in Indonesia thought it was likely that a cyber attack would occur in 2020.

Cybercriminals are more motivated than ever to steal personally identifiable information, and the fintech sector is one of the most targeted verticals. Cybersecurity has always been a priority for DANA. The company started with a private bug bounty program, inviting selected researchers to vet their e-wallet. DANA is now taking additional steps in providing transparency and security to its customers by moving to a 

, inviting over 30,000 global security researchers through the YesWeHack platform.

“Millions of Indonesians trust us with their personal and financial information, and we take this responsibility very seriously. We have invited thousands of security researchers from across the world to find vulnerabilities in the DANA e-wallet. The public bug bounty program from YesWeHack is run continuously so that every new update is checked. This protects our user’s data and prevents security mishaps,” said Andri Purnomo, VP of Information Security at DANA.

“Businesses and consumers across Southeast Asia, and especially in Indonesia, have leapfrogged several generations by adopting e-wallets as their preferred payment channel. However, this rapid digitisation should not come at the cost of any compromises in security,” said Kevin Gallerin, Managing Director, APAC at YesWeHack. “DANA’s public bug bounty program will go a long way in establishing trust and securing their wallet for millions of Indonesians,” he added.

Founded in 2015, YesWeHack is the #1 European Bug Bounty & VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with bug bounty (pay-per-vulnerability discovered), connecting tens of thousands cybersecurity experts (ethical hackers) across 170 countries with organizations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices. YesWeHack runs private and public programs for hundreds of organizations worldwide in compliance with the strictest European regulations.

In addition to the Bug Bounty platform, YesWeHack also offers support in creating a Vulnerability Disclosure Policy (VDP), a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU. For more information: 

Want to discuss crowdsourced security with our experts?

DANA invites thousands of global security experts to test its e-wallet

 and general security testing. Given the wide range of available plugins, we have launched a series called “PimpMyBurp” to present our selection of Burp Suite extensions.

Yes, exploitation is a part of Bug hunting process, but redaction is probably the most important part. The report is the final stage which should reflect all the operational work that has taken place upstream: description of the context of the discovery, the endpoints, the requests and the Proof of Concept (PoC). We can automate a lot of things for recognition, but why can’t we do it for the writing part too? This is the question 

 for Burp Suite, which he released to the community a few days ago.

First, you need to download the latest release of RIO 

. The file is a JAR, so once downloaded, you can add the plugin to Burp Suite by clicking on 

. In the new window, select the file and at the end you should see a new tab called “

The RIO extension has its own tab on Burp Suite

In this tab, you can edit & save your templates. In reality you could also use your favorite text editor to do it but you might as well do it directly in the plugin since it’s possible.

The template is in markdown. It is a convenient way to write reports and is used by all your favourite 

The RIO extension supports many keywords, which allows you to adapt and create your own template in a complete way. For example, you can choose to display only the host, a specific header, a POST request, the parameters of the request… All the documentation on keywords 

I strongly recommend that you prepare generic templates but also templates for 

” vulnerabilities. This way, you will have the basic template to have the main structure of your report and you will only have to fill in the small details useful to the understanding of the report.

Template generation in RIOT extension on Repeater tab

Your PoC is ready, so is your model… How about generating the report in the final format in markdown? To do this, just go to the 

tab and choose the query you want to demonstrate on your PoC. Click on 

You will then automatically see the template of your report pre-filled with all the elements you have indicated in the structure: 

host, urls, request, parameters, server response…

 Now all you need to do is copy and paste this report into your favourite platform and fill in the strings between 

We hope you have discovered a new extension and that many of you will use it! Thanks again to 

! As always, don’t hesitate to send us a 

 to suggest new extensions that we will be happy to test!

PimpMyBurp #6 : Generate your reports directly in Burp Suite with RIO

 is partnering with ZTE Corporation to confront new security challenges brought by the 5G network commercialization. Through its bug bounty platform, YesWeHack will invite over 30,000 global security researchers to secure ZTE’s products further and discover vulnerabilities typically missed in traditional security audits.

Cybersecurity is always a fundamental factor in the telecoms industry. It has become even more critical because the deployment of 5G sees an increase in the potential attack surfaces and threat landscape with the introduction of new technologies, techniques and capabilities. In addition, the ability of 5G to support massive IoT connectivity introduces many times more devices connected to the network, presenting a wide-reaching and increased attack surface.

 is a major international telecommunications provider and builds mobile internet technology solutions for enterprises and consumers. The telecommunications giant has expanded its bug bounty program in partnership with 

, the first European crowdsourced security platform.

ZTE integrates its capabilities and expertise across handsets, mobile broadband, terminal chipset modules, and peripheral products to create a more intelligent 5G ecosystem. YesWeHack’s vast cybersecurity research community will help identify potential vulnerabilities in ZTE Products. This partnership highlights ZTE’s commitment to building a sound cybersecurity governance structure and creating an end-to-end security assurance mechanism for all product life cycle phases.

“Through openness and transparency, we try to give our customers confidence by letting them see what we do and how we provide end-to-end security,” said Zhong Hong, the Chief Security Officer at ZTE. “Our partnership with YesWeHack will help to enhance the security of ZTE’s products and confront new challenges brought by the 5G network commercialization,” he added.

This bug bounty program for ZTE products rewards up to €2000 for critical bugs in several product categories such as 5G Common Core, 5G NR, Fixed Network, Multimedia, Cloud Video, Cloud Computing, Database management Systems and Terminal products.

“We share ZTE’s commitment to providing their customers with secure and trustworthy products and services. The richness and diversity of the YesWeHack community offer the spectrum of skills required to cover the full range of perimeters, whether hardware or applications. Furthermore, as a significant player in the industry, ZTE is keenly aware of cybersecurity issues from the very beginning and continues to enhance its internal security governance by implementing security by design and security by default,” said Kevin Gallerin, APAC Managing Director, YesWeHack

Cybersecurity is one of the highest priorities of ZTE’s product development and delivery business units. As a result, ZTE has established a holistic cybersecurity governance structure underpinning the company’s development strategy.

Xu Ziyang, CEO of ZTE Corporation, highlighted the importance of intrinsic security in his keynote speech “Fuel the Digitalization, Endow with Intelligence”, delivered at Mobile World Congress 2021. “Intrinsic security acts as a self-sensing, self-adaptive, and self-evolving immune system for networks. Built during network construction, it offers multiple security functions and can evolve automatically during network operation, thus constantly guaranteeing the security, services, and data”, he said.

ZTE Corporation expands its Bug Bounty in partnership with YesWeHack

The pressure to innovate continues to build across industries and businesses of all sizes are catalysing a digital mindset to accelerate their transformation. Organisations with a high baseline of digital maturity have a better competitive advantage, and they adapt faster to changing market conditions. However, as businesses become digitally mature, they will have to deal with the alarming increase in cyber threats – forcing conversations on data ownership, privacy, security, transparency, and trust.

 highlights that investing early to build flexible AND secure infrastructure capabilities is central to digital transformation. They will inevitably enlarge their attack surface as they build out more robust digital assets, capabilities, and ecosystems. This is likely why cybersecurity is also the top priority for higher-maturity organisations since they have more exposed assets to monitor and secure.

However, workforce shortages exist for almost every position within cybersecurity. A 

Frost & Sullivan Global Information Security Workforce Study

 reveals that we are on pace to reach a cybersecurity workforce gap of 1.8 million by 2022, a 20% increase over the forecast made in 2015. There will be a desperate shortage of people who can design secure systems, write safe computer code and create the ever more sophisticated tools needed to prevent, detect, mitigate and reconstitute from damage due to system failures and malicious acts.

That is why bug bounty programs play a crucial role in establishing the right balance between mitigating risk and enabling business innovation. Leveraging the worldwide community of security researchers working 24/7 can help you secure applications at scale before malicious hackers exploit vulnerabilities. It is a dramatic shift from traditional security audits such as pentests. Traditional testing models cannot meet the demands of modern agile development methodologies. They are expensive, resource-intensive, and are only a point-in-time assessment. With pentesting, you must wait a few weeks to complete the tests and the final report. As soon as the information comes out, the findings may become obsolete. And some critical vulnerabilities slip through even the most mature application security programs.

Bug bounty drives agility within the organisation, and at the same time, meets the never-ending demands of those customers who trust you with their personal information. In short: it’s a must for digital businesses.

Here are Three Ways to Increase Profits by Driving Agility with Bug Bounty Programs:

Get Access to an Army of Global Security Experts 

Traditional pentests do not address the talent shortage. Quite the contrary, pentesting providers suffer from the same lack of skills as their clients. As a result, traditional auditing approaches lack an effervescence of ideas and the needed complementary skills. Hence bug bounty programs offer a modern solution since testing is not limited to one ethical hacker or a limited set of testers. Thousands of global security researchers (or ethical hackers) work or can be handpicked and rotated on a given scope with various approaches. Researchers use their creativity to detect many flaws that would otherwise be missed because of the naturally limited skillet of a small pentesting team.

Likewise, it is increasingly challenging to find skilled penetration testers at short notice before a new release. Moreover, applications today utilise multiple technologies. One person cannot be an expert in all of them, so having a diverse range of people with a broad skillset testing the software makes more sense. It’s like having a large army of security researchers who are incentivised to spend time deep-diving into an application searching for more technical, complex vulnerabilities, which isn’t the case in running regular pentests.

When asked what made them choose bug bounty over pentests, a cybersecurity expert from a leading publisher of cybersecurity solutions 

that their operations must reflect the strong cybersecurity practices they endorse to their customers. “

About two years ago, we decided to move to continuous monitoring, both to improve the security of our applications and reassure our customers. Bug Bounty was the natural choice to underpin this modern cybersecurity strateg

y.” Happy with the skillset and experience the community offers, he further added, “

That’s a key point compared to traditional approaches: bug bounty offers an extensive range of skills to ensure that applications are as secure as possible

Since businesses only pay for valid vulnerabilities as defined earlier in the program, bug bounty is also cost-effective to secure applications and increase the bottom line.

Benefit From In-Depth Vulnerabilities Reports

Businesses must constantly evolve to meet changing business models, new regulatory requirements, technological innovations, and increased cyberattacks. Cyber security threats and vulnerabilities must be identified, defined, quantified, and managed. Professional pentesters usually have a defined scope and typically follow a standard methodology that assures that the entire breadth of the scope is covered. Unlike professional pentesters, every bug bounty hunter brings their unique expertise to maximise their chances of finding vulnerabilities very quickly – as only the first reporting hunter gets rewarded.

, an instant messaging start-up, highlights that continuous monitoring by expert hunters validating every new update is critical for every business in today’s world. 

“About two years ago, we decided to move to continuous monitoring on 

’s platform, both to improve the security of our applications and reassure our customers. Bug bounty was the natural choice to underpin this modern cybersecurity strategy. If we want to protect our application from hackers, it must be evaluated by researchers who use their exact methods and think like them,

Since bug bounty hunters do not face the time constraint and do not follow a common toolset, they think out-of-the-box to cover different application sections in more depth based on their unique skills and experience. This ensures that products and services released in the market are secure and more likely to win customers trust, hence driving sales.

Drive DevSecOps With Continuous Vulnerability Reports

In a world of accelerated production code deployments, a cumbersome manual traditional security audit may cause delays. Bug bounty programs are more comprehensive than traditional audits and provide continuous feedback since it is platform driven. By categorising, prioritising, and documenting vulnerabilities continuously, the whole remediation process gets streamlined and allow organisations to triage issues efficiently. With standard audits, security teams rarely run a remediation check. If a significant security flaw is discovered, the deployment is delayed until the code is fixed. With bug bounty, the risk prioritisation will be higher, which will be passed on to the support team to fix the vulnerability. Post-deployment of the fix, the hunters will retest the application to check if the bug was fixed.

The same cybersecurity expert from a leading publisher of cybersecurity solutions 

that the reports written by the bug bounty researchers detail precisely the vulnerabilities found and how to fix them. 

“The bug bounty model is a much more agile approach than traditional methods. We can’t be agile when we’re doing pentests. Bug Bounty has ultimately allowed us to launch an actual monitoring process for DevSecOps. Moreover, we can provide agile, in-depth security in collaboration with all stakeholders without overly impacting them, with continuous improvement in mind,” 

says a leading European cyber security expert,” he said.

With bug bounty programs, security teams can run tests at any time and get confirmation of remediation quickly. This responsiveness and availability can add significant value to building, testing, and improving products, thus driving higher business profits.

More Resources on Increasing the Return on Security Investments With Bug Bounty Programs

As digital innovations make the world a faster, better, and much more efficient place to work and live, the focus is shifting towards security threats and how best to handle them. A secure and hardened IT environment helps gain customers’ trust in the long run. To understand how to maximise the return on investment (ROI) of bug bounty programs, 

“Five Reasons Bug Bounty Improves the Return on Security Investments “

Cybercrime has become industrialised, and attackers are highly prepared to create immense damage. Business and security teams need to come together to protect the organisation. Here are three ways that 

bug bounty programs can cost-effectively build transparency and improve accountability within the organisation.

A 2020 Cyber Readiness Report highlighted that companies lost $1.8 billion to cybercrime in 2019. Failures and abuses of security, privacy, and trust are rising as businesses worldwide accelerate digital transformation. Access to security experts who can work with you closely and identify threats quickly is the need of the hour. Here are 

three ways bug bounty programs can give your business the much-needed security reality check

The global pandemic has accelerated digital transformation, exposing organisations’ #vulnerabilities that threaten their existence. The complexity of security threats has increased rapidly over the years, making bug bounty programs a must to achieve greater security.

 Here are three ways to stretch your security budget further with bug bounty programs.

The traditional castle-and-moat approach to #cybersecurity cannot keep up with an ever-expanding attack surface and sophisticated cyberattacks. In the face of limited security budgets, understand how bug bounty programs can remove inefficiencies, reduce overhead costs, and free up resources to be deployed productively across other projects. 

Here are three ways to reduce overhead costs and resources with bug bounty programs.

To find out more, contact one of our Bug Bounty experts:

 is a Global Bug Bounty & VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting tens of thousands cybersecurity experts (ethical hackers) across 170 countries with organizations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices. YesWeHack runs private (invitation based only) programs and public programs for hundreds of organisations worldwide in compliance with the strictest European regulations.

In addition to the Bug Bounty platform, YesWeHack also offers: support in creating a 

, a learning platform for ethical hackers called 

 and a training platform for educational institutions, 

3 Ways to Increase Profits by Driving Agility with Bug Bounty Programs

 was about to bypassing blacklist and using prototype pollution vulnerability and execute alert(). This DOJO was created by one of our community members. Thanks to him for this great challenge!

We are glad to announce the #13 DOJO Challenge winners list.

XSS (Cross-Site Scripting) vulnerability occurs when attacker is able to inject his own JavaScript code into webpage source causing it’s execution in victim browser. Commonly XSS may be used to execute actions “as victim”, but combined with other misconfiguration can lead to user’s session takeover.

In DOJO Challenge #13 hunters were given a task to bypassing blacklist and using prototype pollution vulnerability execute alert() on webpage.

The only parameter controlled by user is $config also there are a blacklist containing two characters: and _. The flow of a task consists of:

Creating new object named options with _allowExecute property set to false

Assigning jsonified user input to config variable

Performing copying of config properties into options object

Checking if options._allowExecute value is strictly in-equal to true. Then if check is passed, script will delete options.code property.

At the end of script if options.code is defined, it’s value is parsed as new Function and then executed.

At first we need to use alternative approach for prototype pollution as we are unable to use __proto__ property due to defined blacklist. But as Object.__proto__ and Object.constructor.prototype can be used interchangeably – which can be checked using simple strict comparison in Web Browser Console:

As prototype pollution vulnerability allows us to change prototype of object, not object on it’s own, setting code property using previously mentioned vulnerability cause that delete will not work for it, as it is not the attribute of options object but it’s prototype.

Now as we now that prototype code property will not be deleted we can proceed to execution of exploit.

https://developer.mozilla.org/en-US/docs/Learn/JavaScript/Objects/Object_prototypes

DOJO CHALLENGE #13 Winners!

 with many improvements over the first version. Now, we are in cruising speed and the PwnMachine is evolving little by little with the addition of patches but also of some useful features! For example, since the last version you can now export/import files from the web interface and also add a custom Docker image from a Git repository.

Directly from the web interface, you can now download and upload files from any volume. This can be useful when you need to transfer a word list or a specific configuration for some of your tools for example. It can also be interesting when you want to export the data from these volumes (for a bakup) and reuse them later if necessary.

In the first version, it was not possible to choose your own docker file. This is now possible! You can now import an image directly from a git repository containing a Dockerfile or from a tarball, simply by specifying the repository URL.

We also made a lot of improvements and bug fixes on the kernel and on the client side validation part to avoid errors during configuration.

Be sure to check out the documentation and our blog post to learn 

PwnMachine: quick update about fix and new features

New technology helps create a competitive advantage for organisations. Business leaders are looking beyond their organisation’s current tech capabilities and modernising legacy enterprise systems. In an article on ‘

’, Deloitte highlights that the distinction between corporate strategy and technology strategy is blurring. With technology driving transformation, creating long-term sustainable value can only be possible by unifying business and technology strategies to cocreate exponential value for companies.

One of the biggest hurdles to this transformation is that the traditional castle-and-moat approach to cybersecurity cannot keep up with the increase in an ever-expanding attack surface and sophisticated cyberattacks. Businesses are moving towards a zero-trust architecture, but they lack the creativity and motivations of black hat hackers. Innovative alternatives that leverage the creativity of human intelligence at scale to combat the malicious motives of adversaries are needed. However, in the face of inherently limited budgets, most cybersecurity teams fail to include a conventional security audit’s indirect cost. Overinvesting in pentests and underinvesting in complexity reduction. With lawyers, contracts, rules of engagement, etc., penetration testing has become bureaucratic. Penetration testing projects may take months to negotiate across different vendors, while a bug bounty program can identify dozens of vulnerabilities in that same period.

So what are bug bounty programs? These programs have transformed the cybersecurity field by building partnerships with white hat hackers to minimise digital risk. This model is a perfect combination of skill sets and experience at scale – resulting in a rapid vulnerability discovery across multiple attack surfaces. With this approach, organisations receive prioritised vulnerabilities, actionable information and remediation advice throughout the process to improve the security posture.

The bug bounty model has been widely accepted across sectors and has experienced radical acceptance in the last years. For instance, companies such as 

rewarded security researchers with millions of dollars as bug bounty awards over the past few years. Several more organisations are running their bug bounty program and accepting reports from hackers worldwide through bug bounty platforms such as 

. They include emerging startups such as Southeast Asia eCommerce platform 

 “Bug bounty offers the guarantee of continuous checking – and not just punctual testing, which is what you get with ‘traditional’ penetration testing. Suppose I run a two-week penetration test every year. In that case, it implies that we remain ‘unprotected’ for the other 50 weeks, which is no longer acceptable,” 

remarked a Group CISO of a multinational insurance firm when sharing his experience with bug bounty programs.

 “As a complement, automated tests can also be useful but are not sophisticated enough. With bug bounty, I have researchers working permanently on my scopes. This continuity is essential, especially when you have frequent deliveries in an increasingly agile development context,” he added.

Here is how bug bounty programs play a huge role in removing inefficiencies, reducing overhead costs, and freeing up resources to be deployed productively across other projects.

No Anxiety About Vendor and Project Management

Managing a project end-to-end consumes significant time and resources. Generally, organisations conduct several pentests with multiple vendors to achieve satisfying results. This is not only time-consuming but also requires tremendous efforts and resources. Bug bounty platforms like YesWeHack provide a streamlined and optimal framework for organisations to set up security testing engagements meticulously while providing researchers with a straightforward way to submit vulnerabilities. Meanwhile, managing multi-vendor relationships can be tricky and lead to accountability issues. Hard costs are what you pay for, but there are hidden soft costs in terms of operational fees, procurement efforts, project management that can risk losing time and money that could be invested in other important areas.

Having multiple vendors may also mean more implementation and integration time is needed leading to more complexity. With bug bounty programs, organisations can launch quickly and get actionable insights faster while reducing indirect costs and improving security at the same time.

Penetration testing must be scheduled in advance, with a start and end date, and they demand project management. This synchronisation is a real headache, especially with agile developments,

the Group CISO of the multinational insurance firm.

Minimise Complexity With Streamlined Reports

Conventional security audits do not provide streamlined and consistent reports, especially when multiple vendors are involved. This inconsistency makes the process very cumbersome and strains internal resources as they have to consolidate and process the audit reports. More importantly, managing data from multiple vendors can threaten security and cause information leakage. Bug bounty reduces complexity by providing a single interface for surfacing and managing vulnerabilities, whatever the source. When all the administrative tasks are taken care of, including scoping, triaging reports, dealing with false positives, communicating with researchers, and rewarding them on time, internal teams can focus on essential tasks such as fixing vulnerabilities and strengthening organisational security.

YesWeHack’s bug bounty platform simplifies the process by reducing time and costs spent on procurement, project scheduling, and data processing. 

“The YesWeHack platform comes in very handy, with a very intuitive UI. The OVH Cloud team managing the bug bounty gives us excellent feedback on workflow management, report processing, interactions with the hunters, among other features

 Julien Levrard, Security Operations Manager at OVHcloud.

Say ‘No’ to Manual Tasks and a Big ‘Yes’ to Automation

Organisations can easily integrate bug bounty reports into security management systems, eliminating the need for skilled security practitioners indulging in low-value tasks. The good news is everything can be managed through tickets. For instance, YesWeHack’s API allows organisations to integrate bug reports within their favourite tools, processes and workflows in various formats. Teams can close the DevSecOps loop flow with feedback from development teams to security teams. For instance, YesWeHack’s bug tracker integration tool enables the automatic retrieval of public and private comments, updates, rewards and bug status from a bug tracker ticket directly into the corresponding bug bounty report. Security audits become painless since it is easy to export transaction history, control budgets, create beautiful reports, review audit logs and other use cases.

Julien is pleased about the meticulous operations of the bug bounty system and its dashboards and ticketing system, making it easy for the security teams to concentrate on more critical tasks. 

“Thanks to the YesWeHack API, we easily integrated the bug bounty reports into this process: everything is managed by tickets that are viewable on our dashboards and accessible to our external auditors if needed,”

“The APIs make it possible to integrate all useful information into our own tools and dashboards in an automated way, and also track our bonus budget, the activity of each program, etc. At a glance, we’re able to know the status of our programs and report indicators to our management: the bug bounty is fully integrated into our strategy and the steering of our global security,”

“Five Reasons Bug Bounty Improves the Return on Security Investments“

As businesses become digitally mature, they will have to deal with the alarming increase in cyber threats. This forces conversations on data ownership, privacy, security, transparency, and trust. 

Find out how bug bounty drives agility and improves profits for digital businesses.

 is a Global Bug Bounty & VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting tens of thousands cybersecurity experts (ethical hackers) across 170 countries with organizations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices.
YesWeHack runs private (invitation based only) programs and public programs for hundreds of organisations worldwide in compliance with the strictest European regulations.

3 Ways to Reduce Overhead Costs and Resources with Bug Bounty Programs

In this article, we will try to provide you with a list of good practices and details to add to your reports before sending them for review. 

This should help you maximise your luck for a faster triage and ensure that the program owner will have all information to reproduce the vulnerability described and decide regarding the reward.

The quality of your report ensures a good, fast and efficient triage. This list could also ensure that you have gone as far as possible in your exploitation to obtain an optimal reward.

Is the vulnerability that I discovered is a part of the scope (domain, mobile application)?

Be careful to respect the scope indicated. Reporting on a vulnerability discovered in a domain or application that is not explicitly listed is generally not allowed by the programs.

Is the reported issue part of the program’s list of non-qualifying vulnerabilities?

Submitting a vulnerability that is clearly listed as a 

 will be probably closed without any reward and ranking points. This report will impact your impact rate. Check this list before submitting your report.

Could the report submitted on this program end up being a duplicate of one of your previous reports?

It may be tempting to submit multiple reports on the same issue. However, these reports could be considered duplicates. If you submit two reports on the same endpoint but with only one different parameter, a single patch will likely be sufficient.

It’s all about the Proof of Concept (PoC)

Now that you are confident that your vulnerability is on the scope and fits the rules of the program, you can think about your report and the PoC you will provide to reproduce it.

Does your Proof of Concept (PoC) have enough detail to allow anyone to reproduce it?

The team that developed the application being tested in the program is not always the same team responsible for reading the reports and reproducing the vulnerabilities. When writing your PoC, it is, therefore, vital to assume that the person who will reproduce your PoC does not know the application inside and out. Your PoC must be able to follow your steps and analysis. 

Have you described the feature you are using? What privileged account do you need to access this feature?

The YesWeHack Blog

DOJO CHALLENGE #14 Winners!

DANA invites thousands of global security experts to test its e-wallet

PimpMyBurp #6 : Generate your reports directly in Burp Suite with RIO

DOJO CHALLENGE #14 Winners!

ZTE Corporation expands its Bug Bounty in partnership with YesWeHack

3 Ways to Increase Profits by Driving Agility with Bug Bounty Programs

DOJO CHALLENGE #13 Winners!

ZTE Corporation expands its Bug Bounty in partnership with YesWeHack

PwnMachine: quick update about fix and new features

3 Ways to Reduce Overhead Costs and Resources with Bug Bounty Programs

Tips for writing your best Bug Bounty report

PwnMachine: quick update about fix and new features

Don't wait for threats to strike

Produits

Chercheurs

Ressources

A propos

Suivez-nous