hackerone

Pricing can kill your product, or make it soar. To start with, create pricing tiers and make pricing easy and convenient for your customers. Beyond that, the decisions are difficult, such as usage-based vs. predictable pricing. In this presentation, we discuss the key principles of pricing and app or online service, showing the pros and cons of your choices.

Blog post & video: https://www.saastr.com/picking-the-perfect-pricing-model-that-fits-your-app-with-hackerone-ceo-marten-mickos-podcast-508-and-video/

✉️ Sign up for the newsletter: https://mailing.bugbountyexplained.com/

This podcast is an interview with Augusto Zanellato, the hacker who submitted report with a GitHub rest API token leaked which had access to Shopify's Github account. It was reported on Hackerone to Shopify and Augusto got $50,000 for it. The best thing is that he didn't even look for a security issue.

Link to the report explained: https://youtu.be/TOgIgD0KUVs
The report on Hackerone: https://hackerone.com/reports/1087489
Subscribe to Bug Bounty Reports Explained on YouTube: https://www.youtube.com/c/BugBountyReportsExplained/

Augusto's media:
https://twitter.com/auguzanellato
https://hackerone.com/augustozanellato?type=user
https://github.com/augustozanellato

In this seventh episode of Access Control, a podcast providing practical security advice for startups, Ben Arent chats with Ben Sadeghipour ( AKA (https://twitter.com/NahamSec ), Head of Hacker Education at https://www.hackerone.com/ and Hacker by night. This episode is a deep dive into how startups can leverage the power of crowd sourced hackers to find bugs and security issues in your apps. Ben Sadeghipour has over 685 vulnerabilities found in major sites such as Snapchat, AirBnB and even the U.S. Department of Defense, Hacker One helps companies by providing tools to help with response assessments and running their bug bounty programs.

Josh and Kurt talk about the idea behind the full disclosure of security vulnerability details. There have been discussions about this topic for decades with many people on all sides of the issue. The reality is however, if you look at the current state of things, this discussion is settled, full disclosure won.

Show Notes

• Hacker One 100 million payout
• Project Zero bug
• Remington gun trigger class action lawsuit
• Square windows on a plane

WWFH Class: (Ms. Berlin)

“Breaching the Cloud”

@dafthack

 

https://www.blackhillsinfosec.com/breaching-the-cloud-perimeter-w-beau-bullock/

 

https://wildwesthackinfest.com/wwhf-at-secure-wv/

 

IWCE 2020 panel:

“Being a thought leader”

 

ADKAR class

Book Club: 03 September 2020 7pm: https://smile.amazon.com/ADKAR-Change-Business-Government-Community/dp/1930885504/ref=sr_1_1?dchild=1&keywords=ADKAR&qid=1598543747&sr=8-1

TLS cert life is 13 months now (397 day) than now:

https://www.bleepingcomputer.com/news/technology/you-have-two-days-left-to-purchase-2-year-tls-ssl-certificates/

 

Tesla and FBI prevented $1 million ransomware hack at Gigafactory Nevada

https://electrek.co/2020/08/27/tesla-fbi-prevent-ransomware-hack-gigafactory-nevada/ 

 

Garmin Hack https://www.privateinternetaccess.com/blog/the-garmin-hack-could-have-been-a-disastrous-large-scale-privacy-breach/ 

https://hackerone.com/reports/783877

https://www.reddit.com/r/netsec/comments/iifh3r/remote_code_execution_in_slack_desktop_apps/

 

Reserved Campsites for InfosecCampout 2021

 

MHH Feel Good Boxes

https://lovethesecookies.com/

Trojan - “not my fault”

Segfaults and then injects DLLs

@seaseceast

This week in the Topic Segment, our very own Jeff Man gives us a recap on the 2018 RSA Conference! He discusses HackerOne CEO talking Bug Bounty programs, DevSecOps day at RSA demonstrates how the thinking around secure software has evolved, if it’s time to kill the Pen Test, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode557 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.comsecurityweekly

This week in the Topic Segment, our very own Jeff Man gives us a recap on the 2018 RSA Conference! He discusses HackerOne CEO talking Bug Bounty programs, DevSecOps day at RSA demonstrates how the thinking around secure software has evolved, if it’s time to kill the Pen Test, and more!

Full Show Notes: https://wiki.securityweekly.com/Episode557 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly

Visit our website: http://securityweekly.com

Follow us on Twitter: https://www.twitter.comsecurityweekly

Google and Microsoft announce bug bounty programs, HackerOne releases open source projects, less spam for all of us, and more. Jason Wood of Paladin Security delivers expert commentary on ransomware for dummies. Stay tuned!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_114_March_7,_2017#Expert_Commentary:_Jason_Wood.2C_Paladin_Security

Visit http://hacknaked.tv to get all the latest episodes!

Google and Microsoft announce bug bounty programs, HackerOne releases open source projects, less spam for all of us, and more. Jason Wood of Paladin Security delivers expert commentary on ransomware for dummies. Stay tuned!

Full Show Notes: http://wiki.securityweekly.com/wiki/index.php/Hack_Naked_News_114_March_7,_2017#Expert_Commentary:_Jason_Wood.2C_Paladin_Security

Visit http://hacknaked.tv to get all the latest episodes!