Bug Bounties in 2020

Cross-site scripting (XSS) has taken the cake in 2020 as the most impactful vulnerability, and therefore the one paying the highest rewards to ethical hackers, for the second year in a row. That is according to a list of the Top 10 Vulnerabilities released on Thursday by HackerOne.

The vulnerability, which lets attackers inject client-side scripts into web pages viewed by other users, earned hackers $4.2 million in total bug-bounty awards over the last year, a 26-percent increase over what was paid out in 2019 for XSS flaws, according to the report.

Following XSS on the top-10 list were information disclosure, server-side request forgery (SSRF), insecure direct object reference (IDOR), privilege escalation, SQL injection, improper authentication, code injection and cross-site request forgery (CSRF).

All in all, companies paid ethical hackers $23.5 million in bug bounties for all of these flaws this year, according to HackerOne, which maintains a database of 200,000 vulnerabilities found by hackers.

Attackers may use XSS vulnerabilities to take over users' online accounts and steal personally identifiable information (PII) such as passwords, bank account numbers, credit card details and Social Security numbers. Although XSS accounts for 18 percent of all reported vulnerabilities, ethical hackers are actually underpaid for finding these flaws, according to HackerOne.

“Indeed, even large tech companies who were historically resistant to being transparent about their product’s security protocols have warmed to the idea of awarding ethical hackers for their work. Both Apple and ByteDance’s TikTok rolled out public, award-based bug-bounty programs in the last 12 months.”

Sources:

https://threatpost.com/bug-bounty-awards-spike-2020/160719/
