Bug Bounty Programs

h4x0r w4rri0r.com
VulnerabilitiesSecurity Bug and Exposures
- Improper Input ValidationNever trust user input!
- Improper AuthenticationWho you are!
- Improper AuthorizationWhat you can access!
- Lack of EncryptionEncoding information!
- Security MisconfigurationIncorrect arrangement!
- Information ExposureError allows to break!
- Business Logic Errors and MisuseUnderstand the business!
- Insecure DeserializationThe reverse process!
- Insufficient Logging and MonitoringAnalyse specific incident!
- Memory Corruption and LeakIncorrectly manages allocation!
- Insecure Interfaces and ServicesThe exposure of data!
- Social Engineering and Human ErrorExploits human psychology!
Exploits Attacker Controller
- Win32 / Win64 Windows 32-bit and 64-bit Application
- Linux x64 / Linux x86 Linux 64-bit and 86-bit Extension
- OpenBSD / NetBSD BSD Operating Systems
- OS X - ppc / OS X - x86 PowerPC and Intel x86-based Macintosh
- AIX / UnixWare 32-bit/64-bit Multiplatform UNIX
- Solaris - SPARC / Solaris - x86 Solaris SPARC-based and x86-based
- Zero Day Exploits Unknown Vulnerability
- Remote Exploits Without Prior Access
- Local Exploits Requires Prior Access
- Web Application Exploits Compromised Web Applications
- Denial of Service (DoS) Resource Unavailable
- Privilege Escalation (EoP) Gain Elevated Access to Resources
Advisories Defense in Depth
- Microsoft Security Microsoft Products Security
- Red Hat Security Red Hat Products Security
- Cisco Security Cisco Products Security
- Oracle Security Oracle Products Security
- Apache Security Apache Products Security
- Adobe Security Adobe Products Security
- Apple Security Apple Products Security
- Check Point Security Check Point Products Security
- Google Chrome Security Google Products Security
- Debian Security Debian Products Security
- IBM Security IBM Products Security
- US-CERT Advisories Current Cyber Security
Training Educational Use
- Information Security Certifications That Will Get You A Raise
- Information Security Conferences Exchange of Information and Views
- Information Security Magazines Paper Painting of Modern Security
- Hackers Operating Systems Penetration Testing and Security Auditing
- Best Hackers Movies Forever Passionate Hackers and Crackers in Action
- Security Practical Challenges Testing Knowledge Without Going to Jail
ArsenalHacking Weapons
- Web Application Analysis Where Everybody Belongs
- Wire Network Analysis Information in Wire Transmission
- Wireless Network Analysis Information in Radio Waves
- Malicious Code Analysis Attackers to Disrupt Computer Operation
- Reverse Engineering Analysis Disassemble and Discovering Principles
- Digital Forensic Analysis Investigations of Digital Devices
- Information Gathering Act of Collecting Data
- Network Mapping Generate Network Maps
- Vulnerability Assessment Security Weakness and Threats
- Penetration Testing Exploitation of Security Flaws
- Privilege Escalation Gain Elevated Access to Resources
- Maintaining Access Reconnect Target System

List of World Known Bug Bounty Programs It all started a long time ago. We don’t know who coined the term, but Google made it well-known when they launch their Bug Bounty Program in order to get more secure.

After that, big companies like AT&T, Facebook, Mozilla, Paypal, Samsung, Yandex and others, realised how important Bug Bounty and Disclosure Programs are for their services, products and started implementing them as well.

The advantages for companies that run Bug Bounty Program and security professionals or bug hunters are clear. Companies patch their flaws/vulnerabilities, while security specialists get paid or hall of fame for it. Commercial programs like bug bounty or reward systems but also regular security acknowledgments.

The "updated list of bug bounty and disclosure programs" impact 340+ world known security programs.

UP TO DATED - Together a list of the most notable world known Bug Bounty and Disclosure Programs -

340+ COMPANY SERVICES & PRODUCTS (BUG BOUNTY & REWARDS & SWAGS OFFERED)

COMPANY SERVICES & PRODUCTS	BUG BOUNTY & REWARDS	SWAG[S]	HALL OF FAME
123 Contact Form			[ \/\/ ]
99Designs		[ \/\/ ]	[ \/\/ ]
Abacus			[ \/\/ ]
Acquia			[ \/\/ ]
Active Campaign			[ \/\/ ]
ActiveProspect			[ \/\/ ]
ActiVPN			[ \/\/ ]
Adapcare		[ \/\/ ]
Adobe			[ \/\/ ]
AeroFS			[ \/\/ ]
Aerohive		[ \/\/ ]
Agora Ciudadana Security			[ \/\/ ]
Airbnb		[ \/\/ ]
Alcyon		[ \/\/ ]
Altervista			[ \/\/ ]
Amazon Web Services		[ \/\/ ]	[ \/\/ ]
ANCILE Solutions Inc.			[ \/\/ ]
Android Free Apps			[ \/\/ ]
Aptible (2) (3)	[ \/\/ ]		[ \/\/ ]
Appcelerator			[ \/\/ ]
Apple			[ \/\/ ]
Apptentive		[ \/\/ ]
Asana	[ \/\/ ]
Atlas	[ \/\/ ]		[ \/\/ ]
AT&T Corporation	[ \/\/ ]	[ \/\/ ]	[ \/\/ ]
Attack Secure		[ \/\/ ]	[ \/\/ ]
Automattic Security			[ \/\/ ]
Avast! - 2014 AntiVirus	[ \/\/ ]
Avira			[ \/\/ ]
Badoo	[ \/\/ ]		[ \/\/ ]
Barracuda Networks	[ \/\/ ]		[ \/\/ ]
Base			[ \/\/ ]
Basecamp			[ \/\/ ]
BattleNET EU		[ \/\/ ]
Beanstalk			[ \/\/ ]
BeSnappy			[ \/\/ ]
Bitcasa			[ \/\/ ]
Bitcoin.DE		[ \/\/ ]	[ \/\/ ]
Bittrex	[ \/\/ ]		[ \/\/ ]
BitWall			[ \/\/ ]
Blackberry			[ \/\/ ]
Blackboard		[ \/\/ ]	[ \/\/ ]
BlinkSale			[ \/\/ ]
Blogger	[ \/\/ ]		[ \/\/ ]
Box			[ \/\/ ]
Braintree			[ \/\/ ]
BTX Trader	[ \/\/ ]
BudgetSimple	[ \/\/ ]
Buffer			[ \/\/ ]
C2FO			[ \/\/ ]
Campaign Monitor		[ \/\/ ]
Can you XSS this?			[ \/\/ ]
Card			[ \/\/ ]
Chain API			[ \/\/ ]
Chargify			[ \/\/ ]
Chromium Project	[ \/\/ ]		[ \/\/ ]
CircleCi		[ \/\/ ]
Cisco			[ \/\/ ]
Code Climate			[ \/\/ ]
Codex Wordpress			[ \/\/ ]
CodePen			[ \/\/ ]
Coinbase	[ \/\/ ]		[ \/\/ ]
Coindrawer	[ \/\/ ]		[ \/\/ ]
Coinkite	[ \/\/ ]		[ \/\/ ]
Colupon			[ \/\/ ]
Commonsware		[ \/\/ ]
Compilr			[ \/\/ ]
Constant Contact			[ \/\/ ]
Counterparty	[ \/\/ ]
Coupa			[ \/\/ ]
CPanel	[ \/\/ ]
cPaperless			[ \/\/ ]
Cryptocat			[ \/\/ ]
Cupcake			[ \/\/ ]
Customer Insight
Debian Security Tracker			[ \/\/ ]
Dell Secureworks	[ \/\/ ]		[ \/\/ ]
Detectify			[ \/\/ ]
Deutsche Telekom	[ \/\/ ]		[ \/\/ ]
Digital Ocean			[ \/\/ ]
DNN Corporation			[ \/\/ ]
DNSimple			[ \/\/ ]
Donately (API)			[ \/\/ ]
Downstream Analytics		[ \/\/ ]
Dribbble			[ \/\/ ]
Dropbox			[ \/\/ ]
Dropcam			[ \/\/ ]
Dropmyemail		[ \/\/ ]	[ \/\/ ]
Drupal			[ \/\/ ]
eBay			[ \/\/ ]
Eclipse		[ \/\/ ]
eFront eLearning CMS			[ \/\/ ]
Electronic Arts (Games)		[ \/\/ ]
EMC2			[ \/\/ ]
Emptrust			[ \/\/ ]
Engineyard			[ \/\/ ]
EthnoHub		[ \/\/ ]
Etsy	[ \/\/ ]
Eventbrite			[ \/\/ ]
Event Espresso			[ \/\/ ]
Evernote			[ \/\/ ]
Expatistan		[ \/\/ ]	[ \/\/ ]
Facebook WhiteHat	[ \/\/ ]		[ \/\/ ]
FastMail Pty Ltd.	[ \/\/ ]		[ \/\/ ]
FFmpeg			[ \/\/ ]
Flowdock	[ \/\/ ]		[ \/\/ ]
Fluxiom			[ \/\/ ]
Fog Creek			[ \/\/ ]
Form Assembly			[ \/\/ ]
Foursquare			[ \/\/ ]
Foxycart			[ \/\/ ]
Freelancer		[ \/\/ ]	[ \/\/ ]
Gallery	[ \/\/ ]
Gamma		[ \/\/ ]	[ \/\/ ]
Gemeente Wageningen			[ \/\/ ]
Gemfury		[ \/\/ ]	[ \/\/ ]
GetClouder	[ \/\/ ]		[ \/\/ ]
Ghost
Ghostscript	[ \/\/ ]
Giftcards.com			[ \/\/ ]
Github	[ \/\/ ]		[ \/\/ ]
Gimp		[ \/\/ ]	[ \/\/ ]
Gitlab			[ \/\/ ]
Gittip			[ \/\/ ]
Gliph			[ \/\/ ]
GoAnimate			[ \/\/ ]
Google	[ \/\/ ]		[ \/\/ ]
Greenhouse Software Inc	[ \/\/ ]		[ \/\/ ]
Grok Learning			[ \/\/ ]
Hack For Cause			[ \/\/ ]
HakSecurity			[ \/\/ ]
Harmony			[ \/\/ ]
Helpscout	[ \/\/ ]		[ \/\/ ]
Heroku	[ \/\/ ]	[ \/\/ ]	[ \/\/ ]
Hex-Rays	[ \/\/ ]
HoneyDocs			[ \/\/ ]
Honeywell			[ \/\/ ]
Hootsuite			[ \/\/ ]
HTC			[ \/\/ ]
Huawei		[ \/\/ ]	[ \/\/ ]
Hybrid Saas	[ \/\/ ]
IBM			[ \/\/ ]
ICEcoder		[ \/\/ ]
Iconfinder			[ \/\/ ]
ifixit			[ \/\/ ]
Indeed			[ \/\/ ]
Informatiebeveiliging		[ \/\/ ]	[ \/\/ ]
ING NL		[ \/\/ ]	[ \/\/ ]
Instagram	[ \/\/ ]	[ \/\/ ]	[ \/\/ ]
IntegraXor (SCADA)		[ \/\/ ]	[ \/\/ ]
Internetwache			[ \/\/ ]
ITRP			[ \/\/ ]
Jetendo			[ \/\/ ]
Joomla			[ \/\/ ]
jruby	[ \/\/ ]		[ \/\/ ]
Juniper			[ \/\/ ]
Kadince
Kaneva			[ \/\/ ]
Kayako			[ \/\/ ]
Keming Labs			[ \/\/ ]
Kentico			[ \/\/ ]
Keepass			[ \/\/ ]
KPN			[ \/\/ ]
Kraken	[ \/\/ ]		[ \/\/ ]
lastpass		[ \/\/ ]	[ \/\/ ]
LaunchKey	[ \/\/ ]		[ \/\/ ]
Librato			[ \/\/ ]
Lievensberg Hospital			[ \/\/ ]
Liferay			[ \/\/ ]
LinkedIn		[ \/\/ ]	[ \/\/ ]
Logentries			[ \/\/ ]
Localize			[ \/\/ ]
Lookout			[ \/\/ ]
MacOSX Bitcoin LevelDB	[ \/\/ ]
Magento (Ebay Inc)	[ \/\/ ]		[ \/\/ ]
Magix AG			[ \/\/ ]
Mahara			[ \/\/ ]
MailChimp			[ \/\/ ]
ManageWP			[ \/\/ ]
Mandrill App			[ \/\/ ]
Marktplaats	[ \/\/ ]
MasterCoin (+Tools)			[ \/\/ ]
MC-ProHosting			[ \/\/ ]
MediaWiki		[ \/\/ ]	[ \/\/ ]
Medium			[ \/\/ ]
Mega.co.nz	[ \/\/ ]
MeinVZ (Report)		[ \/\/ ]	[ \/\/ ]
Meldium			[ \/\/ ]
Meraki	[ \/\/ ]
Meta Calculator	[ \/\/ ]
Microsoft Bug Bounty	[ \/\/ ]
Microsoft (MSRC)			[ \/\/ ]
Millsap Independent School			[ \/\/ ]
Modus CSR		[ \/\/ ]
Moneybird			[ \/\/ ]
Moodle			[ \/\/ ]
Motorola		[ \/\/ ]	[ \/\/ ]
Mozilla	[ \/\/ ]	[ \/\/ ]	[ \/\/ ]
Myntra			[ \/\/ ]
MyStuff2 App		[ \/\/ ]	[ \/\/ ]
Namazu			[ \/\/ ]
NCSC Netherlands	[ \/\/ ]	[ \/\/ ]
Netagio	[ \/\/ ]
Netflix			[ \/\/ ]
Net Worth Pro	[ \/\/ ]		[ \/\/ ]
Nitrous.IO			[ \/\/ ]
Nokia Siemens Networks		[ \/\/ ]	[ \/\/ ]
Norada			[ \/\/ ]
Nokia Solutions Networks		[ \/\/ ]	[ \/\/ ]
Nvidia		[ \/\/ ]
NZRS			[ \/\/ ]
Oculus VR			[ \/\/ ]
Offensive Security	[ \/\/ ]	[ \/\/ ]
Offers.com		[ \/\/ ]
Olark	[ \/\/ ]	[ \/\/ ]	[ \/\/ ]
Onavo	[ \/\/ ]		[ \/\/ ]
OnePageCRM			[ \/\/ ]
OpenBSD		[ \/\/ ]	[ \/\/ ]
Openclass Knowledge Base			[ \/\/ ]
OpenText			[ \/\/ ]
Open Office			[ \/\/ ]
Opera		[ \/\/ ]	[ \/\/ ]
Oracle			[ \/\/ ]
Orkut	[ \/\/ ]		[ \/\/ ]
Own Cloud			[ \/\/ ]
PacketStorm Security	[ \/\/ ]	[ \/\/ ]
PagerDuty			[ \/\/ ]
Pantheon		[ \/\/ ]
Panzura			[ \/\/ ]
Parley	[ \/\/ ]		[ \/\/ ]
Parse (Facebook)	[ \/\/ ]		[ \/\/ ]
Paychoice			[ \/\/ ]
Paymill	[ \/\/ ]		[ \/\/ ]
Paypal Inc	[ \/\/ ]	[ \/\/ ]	[ \/\/ ]
Pidgin	[ \/\/ ]
PikaPay			[ \/\/ ]
Pinoy Hack News		[ \/\/ ]	[ \/\/ ]
Pinterest	[ \/\/ ]
Piwik			[ \/\/ ]
Plone Framework			[ \/\/ ]
Pocket	[ \/\/ ]
Polar SSL			[ \/\/ ]
PostmarkApp	[ \/\/ ]
Prezi	[ \/\/ ]
PullReview			[ \/\/ ]
Puppet Labs	[ \/\/ ]
PureVPN	[ \/\/ ]
Qiwi	[ \/\/ ]
Qmail			[ \/\/ ]
Rackspace			[ \/\/ ]
Redaxo			[ \/\/ ]
Reddit			[ \/\/ ]
RedHat	[ \/\/ ]
Regiobank NL
Relaso			[ \/\/ ]
Ribose	[ \/\/ ]
Ripple			[ \/\/ ]
Riskalyze		[ \/\/ ]
Risk.io	[ \/\/ ]
Ruby Language			[ \/\/ ]
Salesforce		[ \/\/ ]	[ \/\/ ]
Samba	[ \/\/ ]		[ \/\/ ]
Samsung	[ \/\/ ]		[ \/\/ ]
SBWire		[ \/\/ ]	[ \/\/ ]
Schuberg Philis			[ \/\/ ]
Scorpion Software			[ \/\/ ]
Security Net			[ \/\/ ]
Segment.io			[ \/\/ ]
Sellfy	[ \/\/ ]		[ \/\/ ]
Shopify	[ \/\/ ]		[ \/\/ ]
Sifter			[ \/\/ ]
Simple			[ \/\/ ]
Simplify			[ \/\/ ]
SiteGround			[ \/\/ ]
Skoodat			[ \/\/ ]
Skuid			[ \/\/ ]
Smart Budget	[ \/\/ ]
Smileznhapiez			[ \/\/ ]
SNS Bank NL			[ \/\/ ]
Sonatype			[ \/\/ ]
SonicWall (DELL)			[ \/\/ ]
Sony		[ \/\/ ]	[ \/\/ ]
Soundcloud		[ \/\/ ]	[ \/\/ ]
SplashID			[ \/\/ ]
Splitwise			[ \/\/ ]
Splunk		[ \/\/ ]
Spotify			[ \/\/ ]
Sprout Social			[ \/\/ ]
Square		[ \/\/ ]	[ \/\/ ]
StatusPage			[ \/\/ ]
StreemFire			[ \/\/ ]
StudiVZ (Report)		[ \/\/ ]	[ \/\/ ]
Symantec	[ \/\/ ]
TapaTalk		[ \/\/ ]	[ \/\/ ]
Tarsnap		[ \/\/ ]	[ \/\/ ]
Team Unify			[ \/\/ ]
Tele2	[ \/\/ ]
Telegram			[ \/\/ ]
Tesla		[ \/\/ ]	[ \/\/ ]
Trade Only	[ \/\/ ]
Trend Micro & (Beta Portal)			[ \/\/ ]
Tresorit			[ \/\/ ]
Tuenti	[ \/\/ ]		[ \/\/ ]
Tumblr			[ \/\/ ]
Twilio			[ \/\/ ]
Twitch Interactive			[ \/\/ ]
Twitter		[ \/\/ ]	[ \/\/ ]
Typo3			[ \/\/ ]
Uber			[ \/\/ ]
Unitag			[ \/\/ ]
UPC			[ \/\/ ]
Valve		[ \/\/ ]	[ \/\/ ]
VCE			[ \/\/ ]
Viadeo			[ \/\/ ]
Vodafone Security NL		[ \/\/ ]	[ \/\/ ]
Vodafone Security DE		[ \/\/ ]	[ \/\/ ]
Volcanic Pixels			[ \/\/ ]
VSR			[ \/\/ ]
Wamba		[ \/\/ ]	[ \/\/ ]
Webconverger	[ \/\/ ]
Web GUI			[ \/\/ ]
WebsiteBaker			[ \/\/ ]
Wickr	[ \/\/ ]	[ \/\/ ]	[ \/\/ ]
Windthorst ISD
X.com		[ \/\/ ]	[ \/\/ ]
Xen			[ \/\/ ]
XING (Social Network)		[ \/\/ ]	[ \/\/ ]
Xmarks	[ \/\/ ]
XMind	[ \/\/ ]		[ \/\/ ]
Yahoo!	[ \/\/ ]		[ \/\/ ]
Yandex			[ \/\/ ]
Yesware	[ \/\/ ]		[ \/\/ ]
YouTube			[ \/\/ ]
Zencash		[ \/\/ ]	[ \/\/ ]
Zendesk	[ \/\/ ]
Zerobrane			[ \/\/ ]
Zetetic		[ \/\/ ]
Ziggo			[ \/\/ ]
Zimbra		[ \/\/ ]	[ \/\/ ]
Zynga			[ \/\/ ]

Interest is terrible thing to waste. Where are you?

\/ ALL THE BEST - Bug Hunters \/

CORE Impact Professional

CORE Impact Professional is the most comprehensive software solution for assessing and testing security vulnerabilities throughout your organization.

IBM Security AppScan

IBM Rational AppScan Enterprise is a scalable solution to help resolve application security vulnerabilities, offering recommendations to simplify remediation.

HP WebInspect

HP WebInspect gives security professionals and security novices alike the power and knowledge to quickly identify and validate critical, high-risk security vulnerabilities.

Acunetix WVS

Acunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits web applications by checking for hacking vulnerabilities.

w4rri0r - Hacking Is Not A Crime - It's an art of Awareness

\/ w4rri0r - Hacking Is Not A Crime - It's an art of Awareness \/ - w4rri0r work in the dark, w4rri0r do what w4rri0r can, w4rri0r give what w4rri0r have, w4rri0r doubt is w4rri0r passion and w4rri0r passion is w4rri0r task. The rest is the madness of art \/ w4rri0r \/

\/ w4rri0r.com \/ are the great resource for information security professionals and researcher. \/ w4rri0r \/ offers a extensive variation of information security services that include SECURITY EXPLOITS (Bug or Vulnerability), SECURITY ADVISORIES (Security Alerts), SECURITY RESEARCHER TOOLBOX (Freeware, Shareware & Open-Source), SHELLCODE (Attacker Controller - Chunk of Data), SECURITY TRAINING (Educational Purpose), SECURITY NEWS (Security Recent or Important Events) and with this group you can be assured that you’re in the right hands. \/ w4rri0r gr0up \/ efforts being endorsed and appreciated by administrators, security researchers and members of various underground hacking groups and communities worldwide.

\/ w4rri0r mission \/ are to make the information systems more secure, more aware, more reliable and protect against possible security breaches.

340+ Bug Bounty and Disclosure Programs

CORE Impact Professional

IBM Security AppScan

HP WebInspect

Acunetix WVS

w4rri0r - Hacking Is Not A Crime - It's an art of Awareness

Hacker Groups

Login

Register