[Owasp-leaders] Bug Bounty page

johanna curiel curiel johanna.curiel at owasp.org
Tue Jun 21 11:06:43 UTC 2016


I would rewrite the text here a little, to clarify this.

At the moment we have a bounty for projects, starting with ZAP and next
week we will make a bigger launch for projects like:
OWASP CSRFGuard
Java Sanitizer
AntiSamy
AppSensor
ESAPI Java
ModSecurity CRS rule


For this Bounty there is a page and a website hosting the apps protected by
some of these libraries
https://www.owasp.org/index.php/Bug_Bounty_Projects

which is hosted here:
http://bounty-crsfguard.info
http://bounty-crsfguard.info:8080

I have requested Claudia to create a repo under OWASP Github to host the
apps such as this:
https://github.com/owaspjocur/Apache-Shiro-CSRFGuard

In order to make things much easier for us, we will provide the example web
apps with the protected libraries (like the Apache-Shiro example app protected
with CSRFGuard) for the researchers to test with a clear setup, for example
OWASP WebGoat protected by AppSensor. We have our own environment for
validation.


We have to take that page out because there are bug hunters that have
submitted issues under ZAP that are for the Wiki and not ZAP.

We have to make clear that OWASP is not running any bug bounty on
the infrastructure at this moment.

On Tue, Jun 21, 2016 at 2:35 AM, Andrew van der Stock <vanderaj at owasp.org>
wrote:

> Even as draft, can you please make it clear it only applies to OWASP Zap
> at this stage, and not our infrastructure, which remains off limits.
>
> Folks only get rewarded for Zap bugs as per the Bug Bounty rules for bugs
> they find on their own systems. Not GitHub's, not ours.
>
> https://bugcrowd.com/owaspzap
>
> So get kudos for finding Zap bugs. Go nuts!
>
> thanks,
> Andrew
>
> On Tue, Jun 21, 2016 at 12:51 PM, johanna curiel curiel <
> johanna.curiel at owasp.org> wrote:
>
>> Wiki editors
>>
>> I have set this page as draft cuz is confusing peeps about OWASP running
>> a bug bounty
>>
>> cheers
>>
>> --
>> Johanna Curiel
>> OWASP Volunteer
>>
>


-- 
Johanna Curiel
OWASP Volunteer