
Bug Bounty Challenge

Are you ready to find the breach?


WHO CAN PARTICIPATE

Any Barcelona Cybersecurity Congress or IoT Solutions World Congress visitor can follow the challenge.

It is mandatory to sign up for this activity; you can do this in your private visitor area. If you don't have your ticket yet, register now and join the game!

ABOUT BUG BOUNTY CHALLENGE

With collaborative security in the spotlight, Barcelona Cybersecurity Congress (BCC) and its partners will provide researchers attending the challenge with different scenarios where they will be able to track down security breaches and perhaps win the challenges!

The challenge, as well as the assets of the scenario, will be revealed on 10 May in the morning in the Hacking Village, and the hunt will last for one day.

Throughout the activity, researchers will be able to send reports using the Epic Bounty Platform. All reports issued by researchers will be reviewed by members of a jury, so the Top Ten classification during the challenge will be only illustrative and inconclusive until the jury's verdict.

The jury will decide on the three best participants, who will receive the following prizes:

  • First prize: 1700€
  • Second prize: 600€
  • Third prize: 300€

BUG BOUNTY'S TIMELINE

Bug Bounty Welcome & Start-Up

The Bug Bounty challenge will be revealed on May 10 from 10.30 a.m. to 11.00 a.m. in the Hacking Village. After that, the competition will start.

Closing Bug Bounty Challenge

The Bug Bounty Platform will be available so that all researchers can send their bug reports.

Closing Bug Bounty Platform

After 06.00 p.m. on May 10, the Bug Bounty Platform will be disabled and researchers won't be able to send any further reports.

Awards Ceremony

The Awards Ceremony will take place on May 11 at 06.30 p.m., where the three participants with the best scores will receive prizes.

What is the security value of a bug bounty program?

Uncover vulnerabilities

Applications are often tested with a similar methodology over a limited period of time. Bug bounty allows new testers to bring a fresh pair of eyes to the security of your application.

Even organizations with frequent security testing (for example, at each release) still receive valid critical security vulnerabilities from their bug bounty program, in old features as well as newer (recently tested) features.

Lower price per vulnerability

Unlike traditional testing where the price of the test is defined by the scope and/or experience of the testers, a bounty is only paid for a valid vulnerability.

This often makes the price per vulnerability of bug bounty lower than a traditional security test.

Bug bounty, however, cannot replace traditional testing, as there is no assurance that the parts of your application you want tested are actually tested.

ACCESS TO MORE TESTERS

Traditional security testing is performed by 1 or 2 security testers. Due to the size of the application and time constraints, they are often limited to testing the newest features.

In comparison, a bug bounty program allows EasyWay to be tested by tens or hundreds of security testers. They are not constrained in time and may put more effort into testing your application than a regular security test.

Continuous and Recurring

In comparison with traditional testing, which takes place at one point in time (after each release), bug bounty provides a continuous stream of testing.

From EY's experience, ethical hackers will get familiar with your application and test it continuously. If provided with information about updates, they will also recurrently test those new features.