If you are into ethical hacking, you can use penetration testing operating systems such as Kali Linux. If your focus is web application penetration testing, there are plenty of websites that allow legal hacking for practice. More importantly, you can join ethical hacking platforms that crowdsource hackers for bug disclosure.
Such platforms are gaining traction because traditional approaches like code scanning tools and single-source assessments give only a partial view of an organisation's risk and exposure. In fact, they usually fail to keep up with the ever-evolving tactics of attackers.
On crowdsourcing platforms, penetration testing draws on a worldwide pool of ethical hackers to uncover a larger number of vulnerabilities than regular penetration testing can deliver. By combining a bug bounty model with automation, these platforms cover a far wider range of attack scenarios, including business logic flaws, and fill the gap left by tool-driven security testing for web, mobile and desktop applications, APIs, network systems and more.
HackerOne: The Biggest Ethical Hacking Platform
In the category of crowdsourced ethical hacking platforms, HackerOne is the biggest organisation of its kind. HackerOne is touted as a hacker-powered pentest and bug bounty platform that helps companies discover and fix critical vulnerabilities before they can be exploited. It started in 2011, when Dutch programmers Jobert Abma and Michiel Prins set out to find security vulnerabilities in 100 prominent tech organisations. They found vulnerabilities in all of them, including Facebook, Google, Apple, Microsoft and Twitter.
While many organisations ignored their findings, Facebook COO Sheryl Sandberg forwarded them to her head of product security, Alex Rice. Rice, Abma and Prins joined forces and, together with Merijn Terheggen, founded HackerOne in 2012. Today, more Fortune 500 and Forbes Global 1000 organisations trust HackerOne than any other hacker-powered ethical hacking network. It has more than 1,600 client programs running, including the U.S. Department of Defense, General Motors, Google, Goldman Sachs, PayPal, Hyatt, Twitter, GitHub, Nintendo, Lufthansa, Microsoft, Qualcomm, Starbucks, Dropbox and many others. HackerOne has surfaced more than 140,000 vulnerabilities and awarded over US$71 million in bug bounties to a growing community of more than 550,000 hackers. For companies using HackerOne to find vulnerabilities before they could be exploited, Forrester found benefits of up to $1.6 million and an ROI of up to 646%.
Bugcrowd Ethical Hacking Group Saw 80% Increase In Payouts In 2019
Another major ethical hacking platform is Bugcrowd, which in October alone paid out $1.6 million to about 550 white hat hackers from around the globe, who together reported a total of 6,500 vulnerabilities in the software of organisations connected with the platform. According to Bugcrowd, the largest single payout, $40,000, went to a hacker who uncovered a bug in an automotive software product. In fact, more than $513,000 of those payouts was made in a single week, a record 7-day total for Bugcrowd since it started in 2011.
As per Bugcrowd, bug bounty payouts for 2019 so far are over 80% higher than the previous year's, meaning that ethical hackers and security researchers are finding and disclosing more vulnerabilities and software bugs under the program than ever before.
Businesses and organisations running managed vulnerability hunting and disclosure programs on platforms like Bugcrowd let independent hackers and bug hunters poke and prod at their software for security vulnerabilities. The objective is to give companies a way to find bugs in their products that they would otherwise have missed, and to do so more efficiently than by hiring their own security specialists for the task. Today, a large number of security researchers from around the globe are signed up with the platform. About 30% of them are from the United States. India has the second largest number, followed by Great Britain, Baker says. Vehicle hacking expertise tends to be a lucrative skill set, according to Bugcrowd.
Swedish Platform Detectify Also Raised Funds Recently
Detectify is another company running an ethical hacking network; it recently raised $23 million in a funding round. On this platform, top-ranked security researchers submit vulnerabilities that are then built into the Detectify scanner and used in clients' security tests. This combines the best of human ingenuity with AI to deliver security expertise.
Detectify was founded in 2012 by a group of top Swedish ethical hackers who set out to give every organisation the same level of security as the world's largest software companies and government security services. Detectify does this through 'Detectify Crowdsource', an ethical hacking network where hackers are screened and become members through an invite-only system.
“Companies are making applications and users happily enter their data into these applications, but the applications are built from a variety of technologies that are changing quickly (open source, plugins, funky js-frameworks), without a particular vendor “responsible” for the security,” stated Detectify co-founder and CEO Rickard Carlsson.
The Detectify Crowdsource platform has seen accelerated growth, with the network's modules having already discovered 110,000+ vulnerabilities in Detectify's clients' assets over the last eighteen months. The ethical hackers are paid each time their submitted module detects a vulnerability in a client's web applications. Because each reported vulnerability can help Detectify secure many web applications through automation, ethical hackers on the crowdsourcing platform have a far wider impact than in conventional, manual 'bug bounty' programs.
Developers normally have a long backlog and, many times, security testing gets lost despite a general sense of vigilance, simply for lack of time. It is also close to impossible for any single developer or team to manually security-test code while keeping up with the latest vulnerabilities. By using automation, crowd intelligence integrated with mainstream developer tools can help catch security issues before each new release. As no single vendor apart from the OS providers is responsible for software security, the need for platforms that gather the collective knowledge of white hat hackers is great, especially when combined with automation tools.