I presented at OWASP AppSec Day 2016, an event run by the OWASP Melbourne Chapter (me!) designed to spread application security knowledge to the general tech community through talks and workshops.
What would happen if we allowed 50 hackers from around the world to hack into our web applications? Is this a crazy idea? We don’t think so, as that’s exactly what we did and it was a great success! It’s called a bug bounty program, and although it is quite a new concept in the industry, it is gaining traction as it significantly reduces the cost of performing security testing on websites, increases the quality of bugs identified and provides a way to continuously test web apps! In this talk I will take you through an overview of how the program went, lessons learnt and how this program fits into SEEK’s wider application security vision.