YesWeHack – Europe’s leading bug bounty platform – is opening an office in Singapore

YesWeHack – Europe’s #1 bug bounty platform – has announced that it is opening an office in Singapore. The new office is part of YesWeHack’s fast-growth strategy for its international activities following a €4 million fundraising at the start of the year.

YesWeHack is consolidating its global positioning in a sector that will transform the cybersecurity industry over the next five years.

Kevin Gallerin has been appointed Managing Director APAC to develop YesWeHack’s strategy in Asia. Having spent more than ten years in the region, he knows the Asian cybersecurity market inside out, having notably participated in the launch of CERT-LEXSI in Singapore.


New YesWeHack API Extension for Burp

YesWeBurp

Today we are proud to release version 1.0.0 of our Burp Suite extension.

It lets you access all program details from YesWeHack directly inside Burp Suite, and instantly configure the scopes and the required headers according to the program rules. No more copy-pasting between the website and your favorite tool!


YesWeHack, the leading European Bug Bounty platform, opens its offices in Singapore

YesWeHack, the European leader in Bug Bounty, officially announces the opening of its offices in Singapore.

This expansion is part of the very strong growth of YesWeHack’s international activities, following its €4 million fundraising at the start of the year.

YesWeHack is establishing its status as a global player in a field that will transform the cybersecurity market over the next five years.

To develop its strategy in Asia, YesWeHack has appointed Kevin Gallerin as Managing Director APAC. Based in the region for more than ten years, he knows the Asian cybersecurity market perfectly, having notably taken part in the launch of CERT-LEXSI in Singapore. In addition to his cyber expertise and his experience as an entrepreneur, he also brings a researcher’s perspective, as he himself comes from the community, like all of YesWeHack’s co-founders.


New features for quicker and improved Bug Reporting!

Our Dev Team has released two new features that save you time and improve quality when reporting vulnerabilities.

As shown below, you can now access a new menu entry called “My Yes We Hack”. This section provides a template manager for up to five templates. In our experience, 5 templates should be sufficient and useful for the majority of bug hunters.

In this section, which is based on Markdown, you can add or edit your templates.

Now, let’s look at a second useful feature to better illustrate and/or document your reports.


Lucas aka BitK: high level bug hunter and the brand new YesWeHack Tech Ambassador.

Tell us about yourself, your background?

I’m Lucas, also known as BitK, I am 28 y/o. I’m a French guy who lives in Lyon. If you play CTF we have probably already met during an on-site event, as I play a lot of them with the French team Hexpresso.

Before joining YesWeHack I was writing / reversing software for power plants.

I’m also a bug hunter, I’ve been in the top 10 hackers on the YesWeHack Bug Bounty platform since the launch of the platform.

Why did you join YesWeHack and what is your role?

It’s a team that I’ve known for quite some time through CTF, Bug hunting and HZVCommunity & Events (LeHack).

We share the same principles and I do like the idea of bringing tools to the community.

My role as Tech Ambassador within YesWeHack will be to support the hackers’ community, by providing tools, talks and workshops. I’ll attend the YesWeHack sponsored events, having a great time with bug hunters and IT security researchers.

As a bug hunter and CTF player what are you driven by?

To me, bug hunting is a lot like a puzzle game, I feel like every software, application is vulnerable to some kind of exploitation, you just need to find how.

Writing software is a difficult job, and developers are still human beings, so they make mistakes: our job is to find those mistakes and help developers to fix them before it gets worse.

One thing I love about the hacker community is the willingness to share information, tips or tools. There is always someone better than you in a specific field and most of the time those people will share their knowledge if you ask nicely.

What are the benefits of CTF (Capture The Flag) for those who want to start bug hunting?

CTF is a bit different from bug bounties, the major difference is that in CTF you know that a vulnerability is there, your goal is “just” to exploit it.

So usually CTF tasks are quite small, you need to exploit a very specific bug. While in bug bounties, you are hacking real enterprises, their websites can be huge and sometimes you can find yourself lost in the scope. Bug Bounty has a whole recon phase that CTF doesn’t have, it’s a new skill to learn.

CTF and Bug Bounties are different, but most of the time I use tricks and tips I’ve learned during CTF to exploit real-life applications in Bug Bounty.


[ITW] Daniel Kalinowski: “Participating in bug bounties improves your skills and increases the overall knowledge.”

Let’s meet with Kalin, Bug Hunter from Poland.

What’s your background?

I’m 25 yo, I didn’t study, it’s kind of a waste of time in Poland. Well, depends if hacking the school PCs in junior high school counts? xD
I started my career in the IT industry as a Data Center Operator, then I got promoted to Junior Dev. They had to do it because I had pwned their application once, and after the promotion, with access to the source code, I was able to find a few more critical bugs. Also, with the help of Shellshock, I was able to download/view the files of the CTO that were stored on one NAS.

3 years ago I joined an awesome security company, and in my current position I’m responsible for: Mobile apps testing / Web apps testing / Code reviews / General technical advisory on the customer side.

My nickname Kalin comes from my surname KALINowski. I can also be found on the Internet by the @llamaonsecurity/@llamasbytes handles.

Why are you interested in bug bounty?

I started bug bounties as a time-killer in my first job, then I forgot about it and came back to it when I started my career in IT security. Participating in bug bounties improves your skills and increases the overall knowledge. Once I had to dig into the PNG file format structure to execute the XSS payload on web servers. It was quite a unique experience. Financially speaking, 1 euro is equal to 4.15 PLN (my local currency) so participating in bug bounties can be profitable.


YesWeHack raises €4 million and plans to disrupt Europe’s cybersecurity market

YesWeHack, Europe’s leading Bug Bounty platform, announced today it has raised €4 million from Open CNP, the corporate venture program of CNP Assurances, and Normandie Participations. This deal aims to assert the company’s presence in France and accelerate its international development, notably in Europe and Asia.

Founded in 2013, YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting more than 7,000 cyber-security experts (ethical hackers) across 120 countries with organizations to secure their exposed scopes and report vulnerabilities in their websites, mobile apps, infrastructure and connected devices.

“YesWeHack mobilises collective intelligence to plug the widening gap in cybersecurity skills – one of the big challenges of the next few decades”

Guillaume Vassault-Houlière, CEO of YesWeHack

YesWeHack joins platform58, the start-up incubator of La Banque Postale

Building Trust at the core of digital transformation.

La Banque Postale puts its customers’ interests above all.

Through the creation of platform58, La Banque Postale asserts its willingness to strengthen its digital transformation for both its employees and customers.

Cybersecurity being a pillar of digital transformation, YesWeHack is looking forward to mobilizing its community in order to improve the global security of the banking industry.

The banking industry sees itself at a pivotal moment. The expectations of our customers but also of our employees, the rise of new disrupting techs and emerging players, require us to design a more open banking platform. With platform58, a strategic project for La Banque Postale, we embrace this change by creating a French FinTech & InsurTech ecosystem embodying our banking and civic values. We build together (start-ups, customers, partners, etc.) the bank and insurance of the future.

Remy Weber, Chairman of La Banque Postale’s Executive Board.

YesWeHack is delighted to be one of the first 7 start-ups to be hosted by platform58.

platform58 provides support and hosting for start-ups developing solutions in the fields of banking, insurance, technology, but also finance-related services, such as big data, health and education.

The platform58 incubator will offer selected start-ups (max. 10 per year) tailor-made support by experts and managers of La Banque Postale, with no equity investment and no time limit. Other actors, in particular CNP Assurances, 50 Partners, Visa, EY, TelecomParisTech, 1000Mercis, and Startway, will contribute to the success of the start-ups.

The 7 selected start-ups

YesWeHack provides its bug bounty platform and expertise to the French Armed Forces Ministry.

YesWeHack is delighted to support the French Cyber Defence Command (COMCYBER), in order to leverage its force of 3,400+ cyber-combatants.

YesWeHack, a French start-up and bug bounty leader in Europe, equips COMCYBER with an innovative concept and tool to boost cooperation with all the Ministry’s cyber entities.

This bold initiative is part of the Ministry opening up towards the civil society and private actors.

Florence Parly, the French Armed Forces Minister, announced on the 22nd of January:

A partnership has been established between COMCYBER and a start-up, YesWeHack. So, yes, I do announce: we will launch the first bug bounty of the French Armed Forces Ministry at the end of February 2019. Ethical hackers, recruited within the cyber operational reserve, will be able to search for vulnerabilities in our systems and, if successful, be rewarded, as they should be.

Florence Parly, the French Armed Forces Minister

With the signing of this partnership, the Armed Forces Ministry becomes the first French Ministry to launch a bug bounty program. COMCYBER will leverage the YesWeHack bug bounty platform to meet the growing challenge posed by new cyber threats.

With the YesWeHack bug bounty platform, COMCYBER will be able to best use its trusted community of reservists, in order to improve the global security of the ministry’s entities.

Guillaume Vassault-Houlière, YESWEHACK CEO

This bug bounty program opens new perspectives for the management of the operational cyber reserve. Ultimately, such an initiative will make it possible to train reservists and increase their skills to significantly and durably improve the Ministry’s level of security.

YesWeHack makes its bug bounty platform available to the French Armed Forces Ministry.

YesWeHack is delighted to bring its skills to the Cyber Defence Command (COMCYBER), which counts more than 3,400 cyber-combatants in its ranks.

YesWeHack, a start-up and the French leader of bug bounty in Europe, offers COMCYBER an innovative concept and tool that develop cooperation with all of the Ministry’s cyber entities. This discipline also enables the Ministry to take an approach of openness towards the civilian world, with all private actors.

A partnership has been established between COMCYBER and a start-up, YesWeHack. So, yes, I am announcing it: at the end of February we will launch the first bug bounty of the Armed Forces Ministry. Ethical hackers, recruited from within the cyber operational reserve, will be able to set out in search of flaws in our systems and, if they find any, be rewarded as they should be.

Florence Parly, Minister of the Armed Forces.

With the signing of this partnership, the Armed Forces Ministry becomes the first ministry to adopt a bug bounty exercise. COMCYBER will benefit from YesWeHack’s bug bounty platform as part of a resolutely modern vision of cybersecurity, in which collaboration and coordination are essential to maintaining the efficiency of its perimeters in the face of new threats accentuated by digital transformation.

It seemed essential to us to offer COMCYBER the YesWeHack bug bounty platform so that it can improve its operational security thanks to its trusted community, made up of reservists.

Guillaume Vassault-Houlière, YESWEHACK CEO

Bug bounty opens up new prospects for running the cyber operational reserve. Over time, the recurrence of this type of exercise will make it possible to train reservists and build up their skills, significantly and durably raising the Ministry’s level of security.
This innovative model can easily be activated across the entire digital exposure of the Armed Forces Ministry.

***

>> Becoming a cyber defence reservist

The cyber defence reserve recruits IT specialists throughout the year, as operational or citizen reservists. The reserve is looking for different profiles: coordinators, experts, analysts, technicians; at different levels: from first-year computer science students to BAC+5.

The operational reservist signs a commitment to serve in the operational reserve, a paid contract lasting 1 to 5 years, renewable. These volunteers choose to serve their country without making the profession of arms their only occupation.

Citizen reservists are volunteer collaborators of the public service. They choose to serve their country by giving defence the benefit of their expertise and skills. As volunteers, they devote to this mission the time they wish and are able to give.

General conditions for becoming a reservist

- Be a French national and reside in France
- Be over 17 years old
- Be studying computer science
- Be in good standing with regard to national service obligations
- Have no criminal record

For more information or to apply (CV + cover letter): crpoc.cer.fct@intradef.gouv.fr

Source: https://www.defense.gouv.fr/portail/enjeux2/la-cyberdefense/la-cyberdefense/presentation
