David Sopas – Web Security Researcher

Bug Bounty

21/08/15 Bug Bounty, Meetings

Bounty Chitchat


On 28th August at 09:00 PM (UTC/GMT +1 hour) I’ll create a channel on hack.chat where security researchers working on bounties can talk together and share ideas.
I’m thinking of about an hour in duration.

The main topic is bounty programs, so everything around it can be discussed.
I’ll provide the link to the chat on Twitter 5 minutes earlier, so don’t forget to follow me @dsopas.

Remember: Save the date!

19/08/15 Bug Bounty, Challenge

Results for the XSS challenge

For a first challenge, it was very interesting. It was an easy challenge, but it’s a start. New challenges will be up soon.

The winners are [they were the first ones to give one solution]:

1st: Luciano Corsalini – $50 Amazon gift card

#<svg/onload=alert(`xss`)>

2nd: Kenan – $25 Amazon gift card

#<svg/onload=alert(/xss/)>

For the bonus prize it wasn’t easy to choose. I decided to give a $25 Amazon gift card to the most creative XSS vector.

The winner was Abdulrahman Alqabandi

#<iframe/src=//14.rs>

Also I would like to share another pretty good solution from Ashar Javed:

<p/oncut=alert`xss`>x

Congratulations to the winners and to all participants. Thanks for your time and effort.
Winners will be contacted soon by email.

 

13/08/15 Bug Bounty, Interesting Readings

Interview with Tek Sapo about bug bounty

I was covered in a Portuguese article for Tek Sapo about my bug bounty activities, especially at Cobalt.io.

If you know Portuguese, feel free to take a look: http://tek.sapo.pt/expert/artigo/ha_um_portugues_no_top_de_um_dos_maiores_programas_de_caca_ao_bug-43785gpm.html

Or else translate it with Google.

06/08/15 Bug Bounty, Swag

First to reach 1000 rep score on Cobalt.io


Yes! I made it.

Since my registration in March this year I have reached more than 1000 reputation points on Cobalt.io and became the first to do it.
Most of the points were made on private/invite-only programs, but a couple of them were also public, in companies like Nexmo, Weebly, DoSomething and Circle.

My next goal? Keep having fun with the guys on Cobalt.io. They’ve a great team and are supported by many talented security researchers.

If you are a company who needs security checked by professionals just register your program.

06/08/15 Bug Bounty, Donations

Sharing is caring!


I always try to help the local dog and cat shelter with food and medications.
Some extra cash from bug bounties helped me to give more often so I try to do my best.

The reward is priceless! Dogs and cats that were abandoned with a better way of life.

Hope you guys do the same…

03/08/15 Bug Bounty, Swag

I’m number 1 on Cobalt.io


Just checked the Hall of Fame of Cobalt.io and I’m now number 1 in the rank. Not bad for a Portuguese guy that started in March.

Next objective… 1000 points! Let’s go!
