Uh, some of these vulnerabilities are critical. And just because corporate signs up for a HackerOne bug bounty doesn't mean that the security engineers managing triage are happy about it. Security analysis and…
Yeah I bet. It would be interesting to see how many U.S. DoD networks have been compromised with Burp Proxy.
HackerOne is complete fraud. They've got a super duper simple carrot before the horse business model which has thousands of kids beating up web apps for free. A valuable service for their Fortune 100 clientele; for the…
No idea which one it was, or both. 23K isn't something to sneeze at though, and would be plenty of incentive for the folk at Portswigger to work with douchebags like whoever this shubby dude is in order to collect these…
Bah there are several closed source plugins for Burp Proxy that are binary only and which constantly relay telemetry data back to Portswigger. I stopped using it for this exact reason, due to Burp Proxy's constant…
The triage was escalated to Rob Fletcher and Uber's security liaison Lindsey Glovin. You're right, Portswigger was running a promo with HackerOne. After I submitted a couple of different vulnerabilities, they then…
Either Uber lied about this guy discovering the flaw so they didn't have to pay me, or Burp Proxy is sending telemetry back to Portswigger with high value vulnerabilities being discovered with the platform. I worked…
HackerOne can force their customers to pay, that's the entire point of their "guaranteed bounty" program, that's it's a guaranteed bounty! Even with a guaranteed bounty and a critical security vulnerability, HackerOne…
Bah no they aren't, HackerOne has a small collective of security testers that they consistently make awards to, over and over again. If you submit a critical vulnerability, magically one of HackerOne's top ranked folk…
HackerOne is complete garbage. I spent close to a month digging into Uber and compromised their m.uber.com mobile endpoint; they hemmed and hawed and then awarded the $25K to another HackerOne top performer stating that…
Uh, some of these vulnerabilities are critical. And just because corporate signs up for a HackerOne bug bounty doesn't mean that the security engineers managing triage are happy about it. Security analysis and…
Yeah I bet. It would be interesting to see how many U.S. DoD networks have been compromised with Burp Proxy.
HackerOne is complete fraud. They've got a super duper simple carrot before the horse business model which has thousands of kids beating up web apps for free. A valuable service for their Fortune 100 clientele; for the…
No idea which one it was, or both. 23K isn't something to sneeze at though, and would be plenty of incentive for the folk at Portswigger to work with douchebags like whoever this shubby dude is in order to collect these…
Bah there are several closed source plugins for Burp Proxy that are binary only and which constantly relay telemetry data back to Portswigger. I stopped using it for this exact reason, due to Burp Proxy's constant…
The triage was escalated to Rob Fletcher and Uber's security liaison Lindsey Glovin. You're right, Portswigger was running a promo with HackerOne. After I submitted a couple of different vulnerabilities, they then…
Either Uber lied about this guy discovering the flaw so they didn't have to pay me, or Burp Proxy is sending telemetry back to Portswigger with high value vulnerabilities being discovered with the platform. I worked…
HackerOne can force their customers to pay, that's the entire point of their "guaranteed bounty" program, that's it's a guaranteed bounty! Even with a guaranteed bounty and a critical security vulnerability, HackerOne…
Bah no they aren't, HackerOne has a small collective of security testers that they consistently make awards to, over and over again. If you submit a critical vulnerability, magically one of HackerOne's top ranked folk…
HackerOne is complete garbage. I spent close to a month digging into Uber and compromised their m.uber.com mobile endpoint; they hemmed and hawed and then awarded the $25K to another HackerOne top performer stating that…