Discover and read the best of Twitter Threads about #Bugbounty

Most recents (7)

#AppelDeParis pour la confiance et la sécurité dans le cyberespace.

1 an après son lancement par @EmmanuelMacron, l’Appel de Paris enregistre des centaines de soutiens.

L’engagement de la 🇫🇷 continue au @ParisPeaceForum avec @JBLemoyne #ParisCall ⬇️
âž–pariscall.international/fr/
.: Les 9 principes de l’Appel de Paris :.
⬇️⬇️

Protéger les individus et les infrastructures : découvrez comment @112_sos met en œuvre le #principe1 #AppelDeParis pour aider les services d'intervention d'urgence à se protéger des #cyberattaques sur pariscall.international
Protéger l'internet : découvrez comment l'entreprise française @nameshield garantit la résilience du #DNS, l'annuaire de l'internet, au cœur du #principe2 #AppelDeParis sur pariscall.international
Read 10 tweets
It's absolutely dishonest when a company offers a position but do not tell how much they gonna pay you.

They make you waste your precious time preparing and sending CVs and even testing your remotely.

A job is a bilateral contract: it has to be good for them as well is for you.
I'm tired to see that in @LinkedIn. Hey @GoDaddy, I'm talking about you too!
They take you who are interested in get a job and make you go through their processes. When you are finally accepted, it will be too late for you to drop it since you are about to fix your unemployment situation. No matter if they won't pay you what you want or expect.
Read 6 tweets
There were some days when I wasn't learning anything,I was not satisfied with the way life was going on,then I heard about most challenging certificate in security #OSCP.I read more than 100 reviews of it and everyone was calling it as tough and requires "TRY HARDER" attitude.
I registered 4 it because I want huge kick on my ass.On first day,I don't even know abt port scanning.Yes,I was ok/somewhat good in linux but never went deep into topics which can be used in exploitation,never knew in my life that gathering info is having significant importance.
I see so many people even with experience doesn't pass OSCP on their first attempt so when I was starting my journey I knew it is going to be hell amount of tough for me. But,today I am #OSCP certified and that too on my first attempt. Journey doesn't stop here,it actually starts
Read 9 tweets
Il y a quelques jours @Qwant_FR a sorti la version bêta de #Masq, une solution qui permet aux utilisateurs de stocker les données personnelles utilisées par les applications localement sur leur appareil. betterweb.qwant.com/fr/masq-by-qwa…
Amis hunter, #Masq a été rajouté au #bugbounty organisé par @Qwant_FR sur @yeswehack. Bonne chasse! yeswehack.com/programs/qwant
Le code de #Masq est disponible librement sur @github. Enjoy! github.com/QwantResearch/…
Read 3 tweets
Big spike in chatter about #bugbounty programs over the last 48 hours. That’s a very good thing. I would like to share my thoughts on this topic from the experience I’ve had leading security at a company with ~500 software engineers.
First, thanks to folks like @k8em0 & @caseyjohnellis and companies like @Hacker0x01 & @Bugcrowd - #bugbounty programs can built and managed much easier than they could 5 years ago. But if you are someone who is in a position that can implement a program...
the first question you should ask is: Are we mature enough to do this? That question should not be taken lightly as we saw from the @Uber situation even they were not prepare for the types of situations you will have to deal with.
Read 15 tweets
Excellent post re hunting #bugbounties . These stats show the researcher's persistence & skilling up, & also inadvertently highlights problems w the #bugbounty ecosystem. What other security job only pays for 57% of your work?
"13% reward rate for 1st month, then 25%, then 57%."
I'm a fan of creating incentives. What #bugbounties have turned into is a misinformed (on both hunted & hunter sides) replacement for other security activities. Thoughtful incentives (including but not limited to bounties) creates win-win. The 1st MS bounties had no duplicates.
I love that bug hunters & orgs running bug bounties are using the programs to learn. That's great news. But is it improving security over time, or just outsourcing QA, encouraging sloppier releases & deployments, which lead to more low-hanging fruit, & therefore more duplicates?
Read 6 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!