Last week, Bugcrowd finished up a WordPress mobile bug bounty report that featured four mobile apps and one web backend. It’s important to note bug bounties are very effective for testing mobile apps as well, which isn’t a traditional thought process yet for many mobile teams. Bug bounties have established themselves as a testing tool for most every platform, so its important to note mobile bug bounty penetration testing programs will be a trend to watch!
The prize pool was $10,000 and was sponsored by Bugcrowd to usher in 2014 and provide its security researchers the opportunity to work on their mobile hacking skills.
The area of focus was on-device mobile application security bugs and vulnerabilities in WordPress backend.
Award amounts
1st place = USD 2,000 and 20 points
2nd place = USD 1,500 and 15 points
3rd place = USD 500 and 10 points
All Bugcrowd researchers receive points as well, which accumulate and represent a researcher’s reputation and knowledge in security testing. See a profile example here. This is a unique feature, as it establishes Bugcrowd as a Github/LinkedIn of sorts for security researchers.
For all other valid bugs, if the researcher is first to find and disclose was worth USD $250 or the remainder of the reward pool divided by the number of valid bugs, whichever is lower. 5 points were rewarded for these bugs, and as for valid duplicate bugs, they were given 2 Bugcrowd Kudos points.
Original Wordress Bounty
Last year, Bugcrowd a WordPress bounty that yielded 349 participants, of which 62 unique individuals submitted a total of 243 submissions. 23 unique countries were represented with bug bounty submissions.
That’s some pretty solid participation. What type of stats do you expect once the mobile bounty results are released? Stay tuned!
Casey Ellis, CEO of Bugcrowd, @bugcrowd
Bio: Casey has spent 12 years in information security, servicing clients ranging from startups to multinational corporations as a security and risk consultant and solutions architect. At some point he realized he was quite fond of product and startups and went on to found Bugcrowd Inc, where he now sits as CEO. He likes thinking like a bad guy (while not actually being one).
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.