Researchers’ Blog

File upload vulnerabilities are fun to find, they are impactful by nature and in some cases even result in remote code execution. Nowadays, most developers are educated on insecure file upload implementations but in practice, it can still happen that a potential vulnerability is introduced. In this

Bug Bytes is finally back! Each month we sit down with experienced bug bounty community members to deliver this new insightful newsletter to help you find more bugs, keep you updated with the latest platform updates and programs on Intigriti and share upcoming community events! If you haven't subscr

Two-factor authentication (2FA) has become the go-to solution for strengthening account security. More and more companies are deploying 2FA implementations, and some even enforce them on their users to keep them secure against unauthorized access. But what if 2FA wasn't correctly implemented? In thi

Authentication vulnerabilities are fun to find as they are impactful by nature and often grant unauthorized users access to various resources with elevated privileges. Even though they are harder to spot, placed just at the 7th position on the OWASP Top 10 list, they still form a significant risk an

Bug bounty hunting can seem overwhelming when you're just starting, especially when you are coming from a non-technical background. And even then, bug bounty (or web security in general) is a vast topic with so much to grasp. Participating in bug bounties often also means competing along on bug boun

You've probably seen another bug bounty hunter or security researcher find cool bugs using internet search engines like Shodan or Censys. But when you tried to replicate their steps, it seemed like an impossible task and all you can conclude is that they just came across a unique case and got lucky.

Capture The Flag (CTF) challenges are fun to play, form a powerful training ground and help drastically develop your hacking skills. CTF competitions come in many forms, from malware analysis to web vulnerability challenges. Some CTF events also provide the winners with cash rewards (bounties), excl

We all like to find vulnerabilities in bug bounty programs, they get us bounties, increase our ranks on platform leaderboards and help us stay motivated to look for more of them. If you've been doing bug bounty for a while, your methodology will focus on finding an edge so that you can spot more vul

Bug bounty hunters who spend time in content discovery and reconnaissance, in general, are always rewarded well for their efforts as they often come across untested and hidden assets or endpoints. Google dorking is another way to leverage search engines to discover hidden assets and endpoints to inc

We’re excited to announce the new submission retesting feature on our platform! Simplify your ability to validate fixes across all your programs with a click of a button, including bug bounty, vulnerability disclosure, and hybrid pentest programs.  Let’s dive into the details! What is a submission r

Remote code execution (RCE) vulnerabilities are always fun to find for bug bounty hunters, they usually carry a huge impact and indicate a big upcoming payday. In this article, we will go over the 7 most common ways to achieve remote code execution by exploiting several vulnerability types. Let's di

Intigriti is thrilled to announce that Uphold, the leading multi-asset digital money platform, is celebrating four years of its bug bounty program with Intigriti. To mark this milestone, Intigriti sat down with Pedro Queirós, Uphold's VP of Cyber Security, to discuss the impact the bug bounty progra

We all know that reconnaissance is important in bug bounty, in fact, it is the most important phase in bug bounty & web app pentesting. Bug bounty hunters who perform effective recon are always rewarded well as they come across untouched features and hidden assets more often than others. This provid

We all had to start somewhere in bug bounty hunting and we all made mistakes along the way. Most of these often helped us learn more and become even better bug bounty hunters! If you're in your first years of doing bug bounty hunting or just starting and exploring bug bounties, we want to help you s

Cloudflare R2 buckets are recently becoming more popular as an alternative to AWS S3 buckets for their simplicity, integration support and zero-egress fees. Customers who opt-in to use Cloudflare R2 are not going to be charged for any traffic to and from the bucket. This often means a severely reduc

AWS S3 (Simple Storage Service) buckets are a popular storage service used by software companies and organizations to store public as well as sensitive data. However, the implementation of this service is not always correctly done. A single missing access policy can often introduce security risks, d

Cross-site request forgery—or for short CSRF—vulnerabilities are one of the most exploited web security vulnerabilities that result in performing unwanted actions. This client-side vulnerability can sometimes go unnoticed but delivers a devastating impact depending on the context. From basic action

Once viewed with caution, ethical hackers are now regarded as an essential asset for many cybersecurity teams around the globe. Their proactive approach to finding and surfacing security weaknesses enables security teams to stay several steps ahead of potential cyber attacks. As cyber threats grow i

London, UK & Antwerp, Belgium – Aug 06 – Intigriti, a leading platform in vulnerability management and bug bounty, announces today that it has been recognized by the CVE Program as a CVE Numbering Authority (CNA). The CVE Program is an international, community-based initiative dedicated to identifyi

SSRF—short for Server-Side Request Forgery—vulnerabilities are amongst one of the most impactful web security vulnerabilities. Even though they are less commonly found on targets they do take place on the OWASP Top 10 2021 ladder scoring the latest place (A10). SSRF vulnerabilities are known to have