Raising Awareness Among Development Teams: Hack Day with Scania and YesWeHack in Stockholm
April 27, 2023
On April 24th, 2023, YesWeHack, the Global Bug Bounty & VDP platform, teamed up with Scania, Sweden-based leading provider of sustainable transport solutions, to organise a hack day in Södertälje, south of Stockholm, Sweden. The event aimed to promote ethical hacking and cybersecurity among Scania employees and proved to be a great success in many ways.
Introduction to ethical hacking 👨💻
In recent years, Bug Bounty programs have become increasingly popular among organisations as a way to enhance their cybersecurity posture. With Bug Bounty, organisations can crowdsource their security testing by inviting ethical hackers, also known as researchers, to find vulnerabilities in their information systems, in exchange for monetary rewards. YesWeHack currently has over 45,000 ethical hackers registered on its Bug Bounty platform, ensuring a wide range of skills to its customers worldwide.
Following this introduction to Bug Bounty, Alex Brumen, Researcher Enablement Analyst at YesWeHack, put on his ethical hacker hat to initiate Scania employees to hacking techniques and tools. From reconnaissance to exploitation, Alex covered everything attendees needed to know about hacking, including the mindset and methods of a hacker. Here are some key takeaways from his presentation:
- A successful Bug Bounty hunter must be able to think creatively and outside the box. He needs to be able to identify vulnerabilities that others may have missed.
- Reconnaissance is a critical first step in any hacking methodology. By gathering as much information as possible about the target, a hacker can identify potential vulnerabilities and attack vectors.
- It’s important to have a well-defined methodology when approaching a target. This helps ensure that no stone is left unturned and that all potential vulnerabilities are identified.
- There are many tools available to help hackers with their work, from automated scanners to custom scripts. However, a skilled hacker knows when to use these tools and when to rely on their own intuition and expertise.
Are you looking to enhance your skills and gain new knowledge? Check out our blog posts that are focused on hacker techniques or explore our DOJO training platform.
🔎 Bug Bounty workshop
After the theoretical part, it was time to put it all into practice! Around 40 developers from Scania were given the opportunity to try to hack their own scopes, using the techniques they had just heard about.
This was a fun and engaging experience for Scania employees, who enjoyed learning how to hack, but also gained a deeper understanding of attackers’ thought processes. Besides, meeting and talking to a bug hunter raised awareness of the importance of cybersecurity among the development team, making the event informative and valuable.
Last but not least, this hacking session helped to foster a sense of community between Scania and YesWeHack, as both companies were able to collaborate and learn from each other throughout the day.
Lesson learned from this hack day 💡
This hack day was a huge success, since the main objective was met: to highlight the key role of ethical hacking and cybersecurity in today’s digital age. By teaching employees how to hack and encouraging the implementation of Bug Bounty programs, organisations can adopt a proactive approach to cybersecurity and ensure that their systems are better secure from potential threats.
For Scania, it was also a positive step in its DevSecOps journey, as the company is in the process of shifting left. The intention is to include security directly in the development process, thus allowing continuous development and continuous testing.
Congratulations to Scania for taking this significant step in securing its systems. We’re looking forward to more collaborative efforts in the future!
Scania is a world-leading provider of sustainable transport solutions, including trucks and buses for heavy transport applications combined with an extensive product-related service offering. Scania offers vehicle financing, insurance, and rental services to enable their customers to focus on their core business. Scania is also a leading provider of industrial and marine engines.
Employing more than 50,000 people in about 100 countries, Scania’s research and development is concentrated in Sweden, while production takes place in Europe and South America. Their purpose is to drive the shift towards a sustainable transport system. More information on: https://www.scania.com/group/en/home.html
Would you like to have more information about YesWeHack’s Bug Bounty platform? Click the button below to schedule a demo with one of our experts.
Founded in 2015, YesWeHack is a Global Bug Bounty & VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting tens of thousands of cybersecurity experts (ethical hackers) across 170 countries with organisations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices.
YesWeHack runs private (invitation based only) programs and public programs for hundreds of organisations worldwide in compliance with the strictest European regulations.
In addition to the Bug Bounty platform, YesWeHack also offers: a creation and management solution for Vulnerability Disclosure Policy (VDP), a Pentest Management Platform, a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.