
Penetration Testing of Web Applications in a Bug Bounty Program

Web applications provide the basis for the use of the "World-Wide-Web" as people know it nowadays. These software solutions are programmed by numerous developers all over the world. For all this software, it is not possible to guarantee 100 percent security. Therefore, it is desirable that every application be evaluated using penetration tests. A new form of security testing platform is provided by bug bounty programs, which encourage the community to help search for security breaches. This work introduces the currently leading portal for bug bounties, called Bugcrowd Inc. In addition, web applications which were part of the program were tested in order to evaluate their security level. A comparison is made with statistics given by leading penetration testing companies, showing the average web application security level. The submission process for sending information about vulnerabilities is evaluated. The average time it takes to receive an answer regarding a submission is reviewed. In the end, the findings are retested to evaluate whether the bug bounty program is a useful opportunity to increase security and whether website operators take submissions seriously by patching the software flaws.

Identifier: oai:union.ndltd.org:UPSALLA1/oai:DiVA.org:kau-32404
Date: January 2014
Creators: Schulz, Pascal
Publisher: Karlstads universitet, Institutionen för matematik och datavetenskap
Source Sets: DiVA Archive at Upsalla University
Language: English
Detected Language: English
Type: Student thesis, info:eu-repo/semantics/bachelorThesis, text
Format: application/pdf
Rights: info:eu-repo/semantics/openAccess
