Now, even pornography sites are starting to embrace bug bounty practices in order to safeguard their users' security.
The world's most popular pornography site PornHub has launched a bug bounty program for security researchers and bug hunters who can find and report security vulnerabilities in its website.
Partnered with HackerOne, PornHub is offering to pay independent security researchers and bug hunters between $50 and $25,000, depending upon the impact of vulnerabilities they find.
HackerOne is a bug bounty startup that operates bug bounty programs for companies including Yahoo, Twitter, Slack, Dropbox, Uber, General Motors – and even the United States Department of Defense for its Hack the Pentagon initiative.
"Like other major tech players have been doing as of late, we’re tapping some of the most talented security researchers as a proactive and precautionary measure – in addition to our dedicated developer and security teams – to ensure not only the security of our site but that of our users, which is paramount to us," said PornHub Vice President Corey Price.
"The brand new program provides some of our developer-savvy fans a chance to earn some extra cash – upwards to $25K – and the opportunity to be included in helping to protect and enhance the site for our 60 Million daily visitors."
How to Earn $25,000 Reward
To qualify for a bounty reward, security researchers and bug hunters must meet the following requirements:
- Be the first to report a security bug directly related to the company infrastructure.
- Send a description of your bug report, explaining the type of vulnerability and how it works.
- Include screenshots and proof of concept code to substantiate your claim.
- Disclose your finding directly and exclusively to Pornhub.
Vulnerabilities such as cross-site request forgery (CSRF), information disclosure, cross-domain leakage, XSS attacks via POST requests, HTTPS-related issues (such as HSTS), HttpOnly and Secure cookie flags, missing SPF records and session timeout will not be considered for the bounty program.
The bounty program is currently in a beta phase, with the company extending it via invite only. You can read the complete eligibility requirements for the bounty program on the HackerOne website.
source:thehackersnews.com