
Omar Benbouazza

Nov 6, 2022

NullCON GOA 2022 — Tech Bug Bounty Panel

I had the great opportunity to participate as a speaker at NullCON GOA 2022 last September, in the Tech Bug Bounty Panel with other Bug Bounty and Responsible Disclosure managers. The discussion revolved around the experience and challenges for organizations running their own active Bug Bounty Programs. Panelists: Rishika Hooda (Google), Omar Benbouazza (IKEA), Venkatesh Sundar (IndusFace), Sandesh Mysore Anand (Razorpay).

Bug Bounty

1 min read



May 12, 2021

Building a BugBounty Program from Scratch

What happens when a security researcher finds a bug in your code or a way to access your customer data? Do you have a clear policy and flow to receive the findings in a safe way? During this session I will show you how to create a Bug Bounty or Responsible Disclosure. Link: https://www.youtube.com/watch?v=5rSJpv0ZuZg

Bug Bounty

1 min read



Apr 22, 2021

Building VDP for Success

Vulnerability Disclosure Programs (VDPs) are a clear way to tell the security researcher community how an organization wants them to report a vulnerability and what the organization's commitment will be to fixing it. They've been best practice among progressive tech companies for years and are expanding across new industries, with even governments beginning to mandate them as best practice. Check out the interview by HackerOne, where I explain a success case.

Hackerone

1 min read



Jun 22, 2020

Secrets on Github, a plague

Software engineers are humans. Humans make mistakes, and anything that can go wrong will eventually go wrong. There is a big, well-known issue on Git and SVN platforms where developers push their code, sometimes sharing more than they should. Most of the time this is fully visible to anyone…

Github

4 min read



Oct 31, 2019

Github Email Search Tool

At some point, you may have needed to contact the owner of a Github repository. That is feasible but very manual, and you lose a lot of time copying, pasting and searching. Now this will be easier with the online tool you can find below. Simple stuff. Tool: Github Email Search

Tools

1 min read



Oct 21, 2019

El cazador de cerebros — TVE Documentary

Cyberattacks. Digital crime. In this episode we discover how good and evil also exist in cyberspace: ethical hackers and cybercriminals face off in a struggle to attack and defend secrets, without forgetting that the cyber-police patrol the streets of the darkest networks. Link: http://www.rtve.es/m/alacarta/videos/el-cazador-de-cerebros/cazador-cerebros-ciberataques-delincuencia-digital/5417722/

Tve

1 min read



Mar 6, 2019

Bug Bounty Program, does it help?

What happens when a security researcher finds a hole in your code? Do you have a clear policy for submitting this kind of finding? Most do not. Responsible Disclosure is something every company should manage, and Bug Bounty Programs help to improve security as well as to stay in contact with the hacker community. During the talk we will see how a Responsible Disclosure Program or a BugBounty Program works, and how the company should stay focused and not forget about other mitigations and countermeasures related to security.

Bug Bounty

1 min read



Sep 20, 2016

Norwegian Air, playing with VOD system

This post is excerpted from the talk presented at the CyberSecurity Meetup Helsinki, about vulnerabilities and bad implementations in several products. After trying to contact Norwegian multiple times and receiving no response, and as there is nothing related to aviation safety, it was decided to publish this article. Analysis On a…

Norwegian

3 min read



Jun 13, 2016

KeyLemon, bypassing face-authentication

KeyLemon is a well-known application from Switzerland that lets you enter your session without a login or password. It has more than 3 million downloads and is also involved in a European Commission project funded with more than 4 million euros. “KeyLemon’s latest face recognition algorithms take full benefit…

Vulnerability

3 min read



May 30, 2016

Intelligence Sharing, Blueliv Community

According to the last Internet Crime Complaint Center (IC3) report, cybercrime had a considerable, negative impact on U.S. businesses during 2015. More than $263 million were stolen from companies, causing total losses and damages of more than $1.07 billion. The report mentions several operations, types of crimes and attacks carried…

Blueliv

6 min read



CyberSecurity at @IKEA and @RootedCON Staff.
