Secret Security Talk, YaC 2014
Yandex Bug Bounty 2.0
Yandex Bug Bounty
› Since 2011
› Web and mobile applications
› Based on OWASP Top 10
› From $100 to $3,133.7+
› Hall of Fame
Stats
› Over 1000 reports
› Mostly XSS and CSRF
› Over 120 really critical issues
› Hackers from all over the world
Already paid 9 000 000 RUB
Thanks To
Abdullah Hussam Gazi
Abhibandu Kafle (Nepsecurity community)
Abhinav Karnawat
Adam Ziaja
Aditya Balapure
Ajay Singh Negi, iViZ Security
Alexander Bogdanov
Alexander Grebenshikov
Alexander Raspopov, Positive Research Center
Alexander Timorin, Positive Technologies
Alexander Yakush (First Line Software)
Alexandru Luchian
alexbyk
Alexey Kheben [zbit]
Alexey Reutov
Alexey Sintsov, Nokia
Ali Rahman Kose
Andrea Santese
Andrew Krasichkov, Bitrix inc.
Andrey Danau, ONsec research lab
Andrey Levshin
Andris Atteka
Ankit Bharathan
Anna Zakharenko
Artem G. (ai0x1337)
Artem Zinenko
Artur Czyz
Artyom Safonov
Ashar Javed
Avram Marius Gabriel
azt59
Bastian Welfrid Purba
Blake Askew
Bo0oM
Bogdan Korzhinskiy
Boris dukeBarman Ryutin, Esage Lab
Boris Ryutin, TZOR (Esage Lab)
Charlie Eriksen
Chilik Tamir
Christian Galeone
Chuck Shriver
Crossera
Daoyuan Wu and Rocky Chang
Deepak Kivande
Deepanker Chawla
Denis Kolegov
Denisow Denis
Digital Security, ERPscan
Dmitriy "D1g1" Evdokimov, Digital Security
Dmitriy Shcherbatov
Dmitry
Dmitry chipik Chastuhin
doctu.ru
Dylan S. Hailey
Ebrahim Hegazy (Starware)
Ehraz Ahmed
Emanuel Bronshtein
Eugene Farfel
Eusebiu Blindu
Evan Ricafort
Evgeniy
Evgeny Ermakov, Positive Technologies
Evgeny Formanenko
Evren Yalcın
F5 Networks
Fabian Cuchietti
Firstov Mihail (cyber-punk), Positive Technologies
Frans Rosén, Detectify
Fredrik Nordberg Almroth, Detectify
Gaku Mochizuki, Mitsui Bussan Secure Directions, Inc.
George Noseevich
Gokmen Guresci
Gurjant Singh, Xarro Team
Hamid Ashraf
Hardik Tailor
Harikrishnan
Hip of Insight-labs
Humit Dog
Igor Agievich
Igor Babichev
Ilya Aniskovets (MD5 File)
inSafety.org
Issam Rabhi
Ivan Filipev
Jack "fin1te" W
Jakub Zoczek
Jaroslav Olejnik - O.J.A.
Jayesh Singh Chauhan
Kaleem Shaik
Kamil Sevi
Keita Haga
Kenneth F. Belva
Kirill Firsov
Kirill "isox" Ermakov
Krasov Alex
Krutarth Shukla
Leonid Shagabutdinov
Likwid
Lukasz Pilorz
Mar Adrian Belen
Mario Gomes
Martin Obiols Herrera
Masato Kinugawa
Matvej Mascenko aka. killr0x33d
Maxim Tsoy
MD5 File
Michal Lubicz-Sienicki
Mikhail Oblozhikhin
Milad Bahari Rad
Milana Shafigullina
Mohamed Ramadan
Mohammad Navaid Zafar Ansari & Zeeshan Sultan
Mohammed Abdulqader Al-saggaf
M.R.Vignesh Kumar
Muhammad Waqar
Narendra Bhati
Natalya Shafigullina
N B Sri harsha
Neil Bergman
Nicolas Grégoire
Nikhil.P.Kulkarni
Norwin R. Boniao
Nutan Kumar Panda
Oles Seheda
Olivier Beg
Omar Ganiev (beched)
ONsec research lab
Osman Dogan
Pavel Markov
Pavel Toporkov, Positive Technologies
PIKU
Positive Research Center
Positive Technologies
Practical Security Lab
Prajal Kulkarni
QIWI
quark, Soft Format
Rafay Baloch
Rajesh TV
Raj Sukali
Rakan Alotaibi
Ranjeet Singh
Rebz (antichat)
Reutov Alexey
Riaz Ebrahim
Roman Imankulov
Roman Shafigullin
Sabari Selvan
Sahil dhar
Sahil Sehgal
Sahil Sehgal (breakingmesh.blogspot.com)
Sakurity
Sand Storm
Satish Bommisetty
Security Primes
Sergey Belov (ERPScan)
Sergey Bobrov, Positive Technologies
Sergey Markov
Sergey Pavlov
Sergey Vasilyev
shr
Shubham Mittal, Iviz Technos Solutions.
Shubham Raj
Simon Bräuer
SimranJeet Singh (TurbanatorSJS)
sj
Sobolev Evgeny, "PentestIT"
Sourav Bhadra
Stanislav_Lastovka
Stefan Schurtz
Sudhanshu_C
SUHAS SUNIL GAIKWAD
Szymon Gruszecki
TANUJ JANE (Orion India IT Services)
tghc.co
Thamatam Deepak
Thibaud Rondet
Tianqi Zhang(FreeBuf)
Timorin Aleksandr, Positive Technologies
Toledo Jaime
Tolmachev Evgenii, Positive Technologies
Umer Shakil
Umraz Ahmed
Vasil A.
Veli-Pekka Vainio
Victor Litvin
Vikas Chopalli and Naresh Chattala
Vitaliy Potapov
Vitaly Pankevich
Vladimir '3APA3A' Dubrovin
Vladimir Pronozin
Vladimir Vorontsov
Wallarm research
Wan Ikram
Yaroslav Olejnik - O.J.A.
Yu-Cheng Lin (AndroBugs)
Yuji Kosuga
Yuri Popoff
Version 2.0
WOPR: Shall we play a game?
Not Simply Icons
Reward Amount * Magic Ratio = Yandex Sponsored
Meet new Yandex Bug Bounty at yandex.com/bugbounty