Do Not Underestimate a Bug Hunter

Bug Hunter

All over the world, in addition to using security services and products, organizations also run vulnerability-hunting programs, which have been very effective in raising the security level of well-known websites. This is why companies have started arranging bug bounty programs. These programs motivate bug hunters to constantly search for vulnerabilities on popular platforms and websites in order to receive rewards and credibility.

| Date | Type of Vulnerability | Vulnerability Link | Place of Registration |
|---|---|---|---|
| 2019-10-17 | Cross-Site Scripting | WordPress Plugin Soliloquy Lite 2.5.6 | exploit-db |
| 2019-09-26 | Cross-Site Scripting | all-in-one-seo-pack 3.2.7 | exploit-db |
| 2019-06-10 | Cross-Site Scripting | UliCMS 2019.1 Spitting Lama | exploit-db |
| 2019-09-26 | Cross-Site Scripting | Duplicate-Post 3.2.3 | exploit-db |
| 2019-10-17 | Cross-Site Scripting | WordPress Plugin FooGallery 1.8.12 | exploit-db |

Any problem can be part of the solution

The main cause of infiltration of an organization or its web services is code-based vulnerabilities, which are often hidden from the view of scanning software. Bug bounty is therefore a common program around the world, and large and interested companies always welcome these programs and use their potential to increase their level of security. Bug bounty programs are very interesting.

A bug bounty program is a type of business created by agreement between the hacker and the Internet service provider. In our country, there is always an effort to respect this business culture and to encourage researchers to interact with service providers, bringing a win-win game and cooperation for each party. As a result, researchers have emerged who are interested in always participating in bug hunting programs and making money this way.

Business equations are always prevalent in the field of scientific validation, and those who want to be successful in the cyber security labor market must take on one of the components of validation, namely bug hunting. This validation shows the quality level of the researcher and lets the researcher present himself or herself as an expert, so participating in bug bounty programs is a double-edged sword that will bring financial benefits.

Offensive Simulation

One of the solutions to increase the level of security in an organization is to carry out various scenarios of advanced cyberattacks in a simulated way. Using a combination of penetration testing and red team expertise, we are able to assess all vulnerabilities and defects of the defensive security infrastructure. These assessments are based on the techniques that Advanced Persistent Threat teams use to anonymize and hide their files, which allows the Security Control Center (SOC) to be evaluated on whether it responds predictably to a real attack. This can greatly help in recognizing the behavior of real attackers.

Defensive Operation

One of the requirements of any organization is the use of defensive solutions. This means that, along with the deployment of defense services such as NIDS/HIDS and EDR, the potential of experts should be used. Experts in the field of defensive security are divided into the blue team and forensics. Blue team experts set up, configure and monitor the defense mechanisms. The digital forensics team is a complement that is responsible for threat hunting and gathering threat information. Another task of forensic teams is to perform reverse engineering, which neutralizes ransomware if it is used in the attack.