Detectify Crowdsource is our crowdsourced security initiative that allows us to implement white-hat hacker knowledge into our service and work with 100+ of the world’s best ethical . Read our community manager Kristian Bremberg’s to find out what’s been going on in the Crowdsource community the past month.

- CS August stats 1024x795 - Detectify Crowdsource Monthly Recap | August 2017 Breaks New Records

marks the best month so far

In August, submissions from Detectify Crowdsource generated more than 100 unique hits in total, which is a all-time high! never sleeps, so a big thank you to all our Crowdsource hackers for submitting new vulnerabilities that helped our users.

finding: URL path traversal due to url-encoded slashes

Nearly half of the hits were generated by one single module: URL path traversal due to url-encoded slashes. The submission itself is not critical, but can easily be used together with other vulnerabilities, which could lead to severe consequences. The vulnerability relies within certain load balancers configuration, which makes it possible to append paths via path traversal so that data (such as tokens) in the URL can be leaked to an attacker’s website.

Severe Flash vulnerabilities

August was also the month of severe Flash vulnerabilities. A great deal of them were submitted to the platform, such as XSS vulnerabilities in bookContent.swf, ZeroClipboard.swf and Jplayer. This proves that Flash is a dying technology with increasing amount of vulnerabilities, and we hope that this trend keeps rising; more submissions for technologies that are disappearing from the Internet, such as Flash, Java and Silverlight.

This month’s CS Hacker: Evgeny Morozov

We would also like to thank Evgeny Morozov, a highly skilled hacker in Crowdsource, who found a vulnerability which made it possible to validate a domain in Detectify by using a DNS spoofing vulnerability.

For this, Evgeny earned a place in our Hall of Fame.

Big plans for the future

The team behind Detectify Crowdsource has planned the roadmap for the upcoming years. We aim to make Crowdsource the ultimate bug bounty experience, and have a lot of plans on how the platform should develop in the future. We believe in the idea to include real, top skilled hackers in building a security tool, which means its authentic white-hat knowledge that will make the Internet a more secure place.

We’re looking for more researchers

If you’re ready for a new challenge in your bug bounty life, we recommend you to try out Detectify Crowdsource. We are inviting the best hackers from all over the world to join our platform – and all competences are welcomed. With your unique way of hacking, you can both make the Internet a secure place while earning a bounty along the way! If you think you have what it takes, please write a short introduction to [email protected], and we will get back to you if your skillset is relevant for our platform.

Read more: How to become a Crowdsource hacker 
That’s all for now!



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here