I recently spoke at NDC Sydney 2017, an Australian developer conference, about how bug bounty programs can be an effective control for reducing security issues in your web applications. The talk covered how to run a bug bounty program, its pros and cons, and an update on seek.com.au’s program, including a show and tell of a few recent bugs that have been reported!

Talk description

What would happen if we allowed 50 hackers from around the world to hack into our web applications? Is this a crazy idea? We don’t think so, as that’s exactly what we did and it was a great success!

It’s called a bug bounty program. It is quite a new concept in the industry but is gaining traction, as it significantly reduces the cost of performing security testing on websites, increases the quality of the bugs identified and provides a way to continuously test web apps! In this talk I will take you through an overview of how the program went, lessons learnt and how this program fits into SEEK’s wider application security vision.

Link to slides.
