
Want to earn $10,000? Just hack Uber's website and application!

This Tuesday the ride-sharing company Uber launched a public bug bounty program covering both its website and its mobile applications. The goal is to encourage security researchers to find and report vulnerabilities and other security issues in Uber's web properties and apps, an arrangement that benefits both Uber and the researchers.

Uber hired the car-hacking researchers Chris Valasek and Charlie Miller last year, and it now joins the list of companies running bug bounty programs that pay large rewards to security researchers. Before this public launch, Uber ran a private beta program, during which researchers reported more than 100 vulnerabilities.

The program applies to domains such as "uber.com", ".dev.uber.com", "ubermovement.com" and "petition.uber.org". Researchers are also invited to test Uber's official Android and iOS apps, and all blogs, websites and partner incentive sites owned by Uber are in scope. As with any bounty program, the authoritative scope and rules of engagement are the ones published on the program page; testing outside them is not authorised.


Security researchers are invited to report the following classes of vulnerability under the program:

1. Cross-Site Scripting (XSS)
2. Server-Side Request Forgery (SSRF)
3. SQL Injection
4. Cross-Site Request Forgery (CSRF)
5. XML External Entity (XXE) injection
6. Server-side remote code execution
7. Open redirect and path disclosure
8. Local file disclosure
9. Information disclosure
10. Access control flaws
11. Directory traversal

Uber is offering $10,000 for each critical vulnerability, such as remote code execution. An attacker could use flaws of this kind to reach Uber's internal network and production servers, where sensitive financial and personal data is held, which is why the top reward is reserved for them. Stored XSS and comparably serious information-disclosure flaws earn $5,000.

Vulnerabilities such as CSRF, access control bugs, reflected XSS and lower-impact information disclosure earn $3,000; which tier an information-disclosure bug lands in depends on the sensitivity of what is exposed. Researchers may also report fraud, but no reward is offered for such reports at this time. Researchers are allowed to publish their findings publicly once the vulnerability has been resolved.


Uber's bug bounty program is hosted on the HackerOne platform. Researchers who find more than four security issues before 1 May qualify for a bonus, under what is Uber's first loyalty reward program.

Uber faced two major security incidents last year. In the first, unauthorised access to a database put the licence numbers of 50,000 Uber drivers at risk. In the second, the personal details of US Uber drivers ended up in the hands of hackers. The bug bounty program is a sign that Uber is taking the security of its customers and employees seriously.
