Author: YesWeHack Team

The Dark Side of XSS revealed

Cross-site scripting (XSS) is one of the most common web application vulnerabilities and is still present in the OWASP Top 10-2017.

The goal of this paper is not to explain how to bypass anti-XSS filters in browsers or WAF protection, but to figure out what possibilities are offered by XSS vulnerabilities.

CISOs, like Bug Bounty Managers, need to pay attention to this kind of vulnerability, which at times can be critical through the first steps of chaining.


core bug bounty hunter

Being core-hunter of Bounty Factory Private Team

My nickname is Onemore and I am a core-hunter of the BountyFactory.io private Team.

I’ve been hunting for bug bounties since 2012.

As a core-hunter for BountyFactory.io, my job is to spot talents and ask them to join us.

Even if our recruitment is subject to a co-optation process, I do have some criteria that help me spot and rate new applicants.

In order to level up the degree of trust, we need to apply some criteria for recruiting our core hunters.

Those criteria are based on skill, level, openness, ethics, without omitting the ability to produce clear and relevant reports.
