I recently spoke at NDC Sydney 2017 and TConf 2017, Australian developer and tester conferences, about how bug bounty programs can be a great control to reduce security issues within web and mobile applications.
It covered how to run a bug bounty program, their pros and cons and an update on seek.com.au’s program, including a show and tell of a few recent bugs that have been reported…
What would happen if we allowed 50 hackers from around the world to hack into our web applications? Is this a crazy idea? We don’t think so, as that’s exactly what we did and it was a great success!
It’s called a bug bounty program, and is quite a new concept in the industry but gaining traction as it significantly reduces the cost of performing security testing on websites, increases the quality of bugs identified and provides a way to continuously test web apps! In this talk I will take you through an overview of how the program went, lessons learnt and how this program fits into SEEK’s wider application security vision.