I recently spoke at NDC Sydney 2017 and TConf 2017, Australian developer and tester conferences, about how bug bounty programs can be a great control to reduce security issues within web and mobile applications.
It covered how to run a bug bounty program, their pros and cons, and an update on seek.com.au's program, including a show and tell of a few recent bugs that have been reported…
Talk description
What would happen if we allowed 50 hackers from around the world to hack into our web applications? Is this a crazy idea? We don’t think so, as that’s exactly what we did and it was a great success!
It's called a bug bounty program, and it is quite a new concept in the industry but gaining traction, as it significantly reduces the cost of performing security testing on websites, increases the quality of bugs identified and provides a way to continuously test web apps! In this talk I will take you through an overview of how the program went, lessons learnt and how this program fits into SEEK's wider application security vision.
Link to slides from NDC Sydney 2017
Link to slides from TConf 2017