
Like it or not, hackers are testing the security of your web presence


A company’s website is its most visible public presence. A well-designed website can help sell a brand and attract and retain customers. On the other hand, a hacked website can mean a data breach and costly fines.

Correct design, along with the deployment of the right security appliances, can go a long way toward improving the security of your website, and a good web application firewall (WAF) is an important first step toward preventing the majority of attacks against it. However, some attackers will still find new and unexpected vulnerabilities to exploit. This is where bug bounty programs come in.

Bug Bounties and Vulnerability Discovery

Bug bounty programs are a cost-effective way for organizations to find potentially exploitable vulnerabilities in their software. Instead of paying a penetration testing team by the hour to search for vulnerabilities, bug bounty programs pay per vulnerability discovered, so organizations can see that they are receiving actual value for their money. This “crowdsourced security” testing provides various benefits.

In essence, a bug bounty program is an attempt to make it more valuable for potential attackers to help you than to hack you. By agreeing not to sue anyone who performs vulnerability testing against your site and promising rewards to anyone who finds something of value, you increase the probability that a white hat (good guy) hacker will look at your site, find a hole in your security, and tell you how to fix it before a real attacker finds and takes advantage of the same vulnerability.

Bug bounty programs come in all shapes and sizes. Some organizations run their own programs via a page on their websites. Others work through third parties who manage the details of the hunting, validate reports, and send only the important reports on to the company. This lets the organization focus on its core mission while still reaping the benefits of a bug bounty program.

Unauthorized Hunting

Just because your organization doesn’t have a bug bounty program in place doesn’t mean that people won’t look for vulnerabilities in your website. You almost certainly have the black hat attackers looking to break into your systems (there isn’t much you can do to persuade them not to), but you may also have gray hats taking a look as well.

Gray hat hackers typically do the “wrong thing for the right reasons”. These are the guys who will try to hack into your website without permission (despite the fact that it’s illegal) and then report any discovered vulnerabilities to you without causing any harm.

While you didn’t ask for a gray hat to perform testing of your website, there are good and bad ways to deal with them. At one end of the spectrum is acting like the report was part of a formal bug bounty program: thanking them for their efforts and potentially paying a small reward for their trouble (since knowledge of the vulnerability is useful to your organization).

Unfortunately, some organizations react much less gratefully to vulnerability disclosures by gray hats. The “best” of these bad reactions is simply ignoring the gray hat, but things can get a lot worse.

When dealing with a gray hat report, professionalism is important. Yes, the person performed testing against your services without permission, but at least it gives you the opportunity to fix the problem before someone less ethical finds it.

Managing Bug Hunting

Putting in the effort to set up some type of bug hunting program is always a good idea for an organization. How much work is put into the program can depend on your organization’s unique situation. If you feel like you can really benefit from ethical disclosures from third-party bug hunters, maybe setting up a full-fledged program is in order. At a minimum, it’s good to have a page with information on how to report a bug and a dedicated email address for managing these reports.

And once you have an email address for bug reports, make sure that someone checks it and handles each case appropriately. In many cases, the hunter is only trying to help and just wants acknowledgment of the vulnerability and steps to be taken to fix it. Failing to respond may cause them to use less secure methods of trying to reach you (like a Facebook or Twitter post).

You always want bug hunters to be able to reach you in a direct, secure manner. If a vulnerability report goes public, even if it doesn’t contain details, it’s like painting a target on your company’s website. The fact that someone wants to report a bug to you means that one exists, which may cause hackers to pay more attention to you than you really want.
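The reporting page and dedicated mailbox described above have a standard machine-readable form: a security.txt file served at /.well-known/security.txt (RFC 9116). The following is an added illustration, not part of the original article; the domain, mailbox, URLs and expiry date are placeholder assumptions.

```text
# /.well-known/security.txt (RFC 9116); every value below is a placeholder
# A dedicated, monitored mailbox for vulnerability reports
Contact: mailto:security@example.com
# A second direct channel (web form) so reporters never need social media
Contact: https://example.com/security/report
# Public key so a reporter can send details encrypted instead of in the clear
Encryption: https://example.com/.well-known/pgp-key.txt
# Required field; a stale file is worse than none, so set a date and renew it
Expires: 2026-12-31T23:59:59.000Z
# Where the disclosure terms (including the promise not to sue) are published
Policy: https://example.com/security/policy
Preferred-Languages: en
Canonical: https://example.com/.well-known/security.txt
```

Serve the file over HTTPS, keep the Expires date current, and make sure the Contact mailbox is actually read; the file only gives hunters a direct, private channel if someone is on the other end of it.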

Securing Your Sites

Everyone has vulnerabilities. The sheer amount of code used by most organizations (some of it third-party) means that flaws are almost certain to sneak in. Some of these bugs are minor, but others can have a significant impact on your organization’s security. It’s important to take every possible step to secure your websites (like investing in a good web application firewall) and to manage vulnerability disclosures appropriately.

There are people out there testing the security of your web presence. Some will be good guys and some will be bad. It’s always better to work with the good ones to lock down any holes in your site’s defenses before the bad ones find them and use them to wreak havoc.

Disclaimer and Notice: WorldProNews.com is not responsible for this news or any information published on this website.