What happens when a security researcher finds a bug in your code or the way to access your customer data? Do you have a clear policy and flow to get the findings in a safe way? During this session I will show you how to create a Bug Bounty or Responsible Disclosure. Link: https://www.youtube.com/watch?v=5rSJpv0ZuZg

Vulnerability Disclosure Programs (VDPs) are a clear way to tell the security researcher community how an organization wants them to report a vulnerability and what an organizations’ commitment will be to fixing it. They’ve been best practice among progressive tech companies for years and are expanding across new industries, with even governments beginning to mandate them as best practice. Find out the interview made by HackerOne, where I explain a success case.

Software Engineers are humans. Humans make mistakes, and anything that can go wrong, will eventually go wrong. There is a known and big issue in Git and SVN platforms where developers push their code, sharing sometimes more than they should. Most of the times this is fully visible by anyone…

At some point, maybe you had the need to contact the owner of a Github repository. That is a feasible thing but very manual, loosing a lot of time copy&pasting and searching. Now this will be easier with the online tool you can find below. Simple stuff. Tool Github Email Search

Ciberataques. La delincuencia digital En este capítulo descubrimos como en el ciberespacio también existen el bien y el mal: los hackers éticos y los ciber-delincuentes se enfrentan en una lucha por atacar y defender los secretos, sin olvidarse que la ciber-policía patrulla las calles de las redes más oscuras. Link: http://www.rtve.es/m/alacarta/videos/el-cazador-de-cerebros/cazador-cerebros-ciberataques-delincuencia-digital/5417722/

What happens when a security researcher finds a hole in your code? Do have a clear policy to submit this kind of findings? Most not. Responsible Disclosure is something every company should manage, and Bug Bounties Programs help to improve the security as well as be in contact with the hacker community. During the talk we will see how a Responsible Disclosure Program or a BugBounty Program works, and how the company should focus and not forget about other mitigations and counter mesures related to security.

This post is excerpted from the talk presented at the CyberSecurity Meetup Helsinki, about vulnerabilities and bad implementations in several products. After trying to contact Norwegian in multiple times receiving no response, and as there is nothing related to aviation safety, it was decided to publish this article. Analysis On a…

KeyLemon, is a well known application from Switzerland, that allows to enter in your session without login or password, with more than 3 million of downloads and also is involved in an European Commission project funded by more than 4 million Euros. “KeyLemon’s latest face recognition algorithms take full benefit…

According to the last Internet Crime Complaint Center (IC3) report, cybercrime had a considerable, negative impact on U.S. businesses during 2015. More than $263 million were stolen from companies, causing total losses and damages of more than $1.07 billion. The report mentions several operations, types of crimes and attacks carried…