I presented on bug bounty programs at an Infrastructure Coders event in Melbourne. The meetup is focused on infrastructure (DevOps) and is designed for systems administrators, developers, DevOps and web operations engineers, and all people who build high-traffic websites.
What would happen if we allowed 50 hackers from around the world to hack into our web applications? Is this a crazy idea? We don’t think so, as that’s exactly what we did, and it was a great success! It’s called a bug bounty program. It is quite a new concept in the industry, but it is gaining traction as it significantly reduces the cost of performing security testing on websites, increases the quality of bugs identified and provides a way to continuously test our web apps! In this talk I will take you through an overview of how the program went, lessons learnt and what’s next.