With the enormous rise in Cyber Security threats online, many companies are at risk of having their online databases targeted and breached, or of attackers defacing their website or using it as a platform to deploy malicious software and compromise visitors’ devices.
This increase in online threats has brought about a new pool of talent, as well as a number of companies providing a platform, called Open-Source Penetration Testing, for those who aspire to learn more or to take advantage of their Cyber Security skillset. These companies give participants the opportunity to take part in a challenge, which is referred to as a ‘bug bounty’.
In this challenge, a company (e.g. Microsoft, or even much smaller companies) can provide a scope detailing their concerns, whether it be a website, an application or even a subsite (e.g. management.company.com), which they would like tested. The bug bounty host (e.g. HackerOne) will ensure that this scope is consistent and agreed between the company and the bug bounty participants.
There are different outcomes from this: many companies offer a reward in return for participants finding bugs in their respective applications, and there have been occasions where bug bounty participants have made a significant amount of money for finding a serious security vulnerability, which could then be resolved peacefully as a result of the challenge.
Bug bounties are continuously growing and give hackers, regardless of their experience, an incentive to use their skillset for a good purpose, with meaningful rewards for doing so in a safe manner. These kinds of challenges will continue to grow as cyber risk becomes more prevalent, and giving hackers, both ethical and not-so-ethical, this opportunity proves extremely valuable.