SOURCE: Bugcrowd

July 28, 2015 09:00 ET

Bugcrowd Researchers to Present Key Security Talks at Black Hat USA 2015, DEF CON 23 and BSides Las Vegas

SAN FRANCISCO, CA--(Marketwired - Jul 28, 2015) - Bugcrowd, the innovator in crowdsourced security testing for the enterprise, today announced it will present six new security projects and insights at Black Hat USA 2015 in Las Vegas, Nevada. Bugcrowd's projects will focus on open source intelligence for vulnerability discovery and a new testing box for fuzz lists. Additional talks will detail the insecurity of third party libraries, deconstruct critical vulnerabilities and bug bounty programs, cover tips and tools for bug hunting and discuss how gamification can be used to create effective security programs.

Bugcrowd will also be hosting the Bugcrowd Ops AMA on August 7-8 at Bally's Hotel, and welcomes guests to enjoy food and drinks while getting to know the team. Key attendees include Jason Haddix, director of technical operations; Kymberlee Price, senior director of researcher operations; and Abby Mulligan, director of customer success. Attendees will discover how to succeed as a researcher or a program owner at Bugcrowd and dive deep into the world of bug bounties.

Bugcrowd's Black Hat, DEF CON and BSides presentations include:

WHAT: Black Hat Arsenal: Intrigue
WHEN:
Wednesday, August 5, 12:45 - 3:15 p.m. PT
WHERE: Mandalay Bay, Breakers DEJK Station 9
WHO: Jonathan Cran, Vice President of Operations, Bugcrowd

Jonathan Cran will unveil Intrigue -- an API-first framework for intelligence gathering and security research. Penetration testers, bug bounty hunters and security practitioners will find this tool useful and walk away with an open-source framework for open source intelligence (OSINT). Cran will demo Intrigue, detail its architecture and present results from his security research.

WHAT: STRANGER DANGER! What is the Risk from 3rd Party Libraries?
WHEN:
Wednesday, August 5, 3 - 3:50 p.m. PT
WHERE: Mandalay Bay, South Seas U
WHO: Kymberlee Price, Senior Director of Researcher Operations, Bugcrowd, and Jake Kouns, CISO, Risk Based Security

Kymberlee Price and Jake Kouns will present on the insecurity of third party libraries in information security. The follow-up releases of Shellshock, POODLE and FREAK pushed vendors to scramble to remediate flaws in third party libraries, proving that vulnerability counts and patch frequency are just the beginning of evaluating product and library security. Price and Kouns will outline how metrics can assist in the evaluation of vendors and products, and provide a scorecard for organizations to understand their effectiveness in managing vulnerabilities.

WHAT: Black Hat Arsenal: SecLists
WHEN:
Wednesday, August 5, 3:30 - 5 p.m. PT
WHERE: Mandalay Bay, Breakers DEJK Station 10
WHO: Jason Haddix, Director of Technical Operations, Bugcrowd, and Daniel Miessler, Practice Principal and Head of Security Research, HP Fortify on Demand

Jason Haddix and Daniel Miessler will detail their new project called SecLists, a collection of multiple types of lists used during security assessments. Great lists are the secret sauce behind mapping, brute-forcing, web exploitation, etc. With SecLists, security testers are able to pull different list types -- usernames, passwords, URLs, sensitive data grep strings, fuzzing payloads, mapping/discovery, etc. -- onto a new testing box and have access to every type of list that may be needed. SecLists makes security testers less reliant on any one tool and more empowered to write their own, enhancing their current testing methodologies.

WHAT: HI THIS IS URGENT PLZ FIX ASAP: Critical Vulnerabilities and Bug Bounty Program
WHEN:
Thursday, August 6, 3:50 - 4:40 p.m. PT
WHERE: Mandalay Bay, South Seas CDF
WHO: Kymberlee Price, Senior Director of Researcher Operations, Bugcrowd

Kymberlee Price will discuss several highly critical vulnerabilities that have been uncovered through a variety of bug bounty programs and their impact on customers. The emergence of bug bounty programs is increasing the volume of vulnerability submissions, yet the general awareness is still far behind. With the help of several researchers and vendors, Price will break down recent highly critical vulnerabilities and debunk some popular misunderstandings around bug bounty programs.

WHAT: DEF CON: How to Shot Web: Web and mobile hacking in 2015
WHEN:
Saturday, August 8, 4 p.m. PT
WHERE: DEF CON 101 Track
WHO: Jason Haddix, Director of Technical Operations, Bugcrowd

Jason Haddix will explore successful tactics and tools used by bug hunters to hack websites and mobile apps. 2014 brought unprecedented participation in crowdsourced and static bug bounty programs, and 2015 will surely outpace this number. Haddix will focus on philosophy, discovery, mapping, tactical fuzzing, CSRF, web services and mobile vulnerabilities. Attendees will learn how to convert edge-case vulnerabilities to practical pwnage, even on presumably heavily tested sites, to become better hackers and to claim more bug bounties.

WHAT: BSides: How Portal Can Change Your Security Forever
WHEN:
Tuesday, August 4, 5 - 5:55 p.m. PT
WHERE: Tuscany Suites, Common Ground (Florentine G)
WHO: Katrina Rozdon, Security Program Manager, Bugcrowd

Katrina Rozdon will highlight how gamification, when used correctly, can create effective security programs. From Security Development Lifecycle (SDL) training to bug bounties, and even getting users to stop opening phishing emails while on the corporate network, Rozdon will discuss how games like Portal and Candy Crush were able to make millions, and how those same techniques can be used to change security as we know it.

About Bugcrowd
An innovator in crowdsourced security testing for the enterprise, Bugcrowd harnesses the power of more than 18,000 security researchers to surface critical software vulnerabilities and level the playing field in cybersecurity. Bugcrowd also provides a range of responsible disclosure and managed service options that allow companies to commission a customized security testing program that fits their specific requirements. Bugcrowd's proprietary vulnerability disclosure platform is deployed by Western Union, Pinterest, Drupal and many others. Based in San Francisco, CA, Bugcrowd is backed by Costanoa Venture Capital, Rally Ventures, Paladin Capital Group and Blackbird Ventures. For more information visit www.bugcrowd.com.

Contact Information

  • MEDIA CONTACT
    Anthony Acosta
    LEWIS PR for Bugcrowd
    (415) 432-2498