- Joined
- Jun 21, 2020
- Messages
- 5,633
- Reaction score
- 1,368
- Points
- 1,012
- Awards
- 4
There are 3 types of hackers.
The former put a higher goal in their actions, hacking the websites of government organizations. The latter find gaps in financial and user systems, wanting to get rich quickly. Still others engage in hacking out of interest, challenging themselves and others.
From the point of view of the law, all these groups are equal, and any actions that cause damage are prohibited. But the latter can take an alternative path, engaging in legal hacking.
For many years, the word "hacker" had a negative connotation. But today, "white hats" — programmers who search for security holes for free or for a fixed fee-are gaining more and more popularity and respect.
At the beginning of the millennium, large companies and government organizations realized that they should not fight hackers, but cooperate. This may not completely eliminate attacks, but it greatly reduces their number. Rewards depend on the size of the company and its level of security. Here are some examples:
Bugcrowd
One of the largest platforms for legal hacking. At the moment, more than 22 thousand hackers are registered on it. The amount of payments exceeded $ 1 million.
Well-known clients: Microsoft, Western Union, Tumblr, MasterCard, Pinterest.
How it works: you register, go to the program page, get acquainted with the conditions, break the system, write a report, and receive a transfer to the next environment.
Synack
The first of these platforms. It has a serious approach to the selection of hackers: you need to register, send a resume, pass tests and interviews. Among the features — the fact of a one-time payment in the amount of 30 thousand dollars.
Notable clients: The Department of Defense and the Internal Revenue Service.
How it works: after you sign up for the Red Team, tasks will be sent automatically. Payouts within 24 hours.
HackerOne
HackerOne is known for having the largest number of rewards. At the moment, the amount has almost reached $ 20 million. You will have to break the API, IoT systems, and iOS and Android apps.
Notable clients: Uber, Yahoo, Starbucks, Adobe, Snapchat, US Department of Defense.
How it works: you register, sign up for a task, find a bug, send a report, and receive a reward via PayPal in a maximum of 7 days.
Cobalt
A young platform for small companies. There are no big payouts here, the fixed fork is $ 100-1000.
Notable clients: Weebly, Wix, Nexmo.
How it works: register as a tester. After completing the task, you must submit a report in the specified form and wait up to 30 days for payment. You will receive the money via PayPal or cryptocurrency.
Thanks to such hacker platforms, you can test your knowledge without crossing the line of the law. In addition, it is very fun: where else can you legally hack the website of the US Department of Defense, and even get several tens of thousands of dollars for it. It's a small matter to find a security breach.
The former put a higher goal in their actions, hacking the websites of government organizations. The latter find gaps in financial and user systems, wanting to get rich quickly. Still others engage in hacking out of interest, challenging themselves and others.
From the point of view of the law, all these groups are equal, and any actions that cause damage are prohibited. But the latter can take an alternative path, engaging in legal hacking.
For many years, the word "hacker" had a negative connotation. But today, "white hats" — programmers who search for security holes for free or for a fixed fee-are gaining more and more popularity and respect.
At the beginning of the millennium, large companies and government organizations realized that they should not fight hackers, but cooperate. This may not completely eliminate attacks, but it greatly reduces their number. Rewards depend on the size of the company and its level of security. Here are some examples:
- Tesla is willing to pay $ 10,000 to anyone who finds a security flaw.
- Pinterest rewards start at $ 50, with an upper limit of $ 1,500.
- The one-time earnings limit for hacking DropBox is just under $ 5,000.
- Facebook has a fixed rate per bug - $ 500.
Bugcrowd
One of the largest platforms for legal hacking. At the moment, more than 22 thousand hackers are registered on it. The amount of payments exceeded $ 1 million.
Well-known clients: Microsoft, Western Union, Tumblr, MasterCard, Pinterest.
How it works: you register, go to the program page, get acquainted with the conditions, break the system, write a report, and receive a transfer to the next environment.
Synack
The first of these platforms. It has a serious approach to the selection of hackers: you need to register, send a resume, pass tests and interviews. Among the features — the fact of a one-time payment in the amount of 30 thousand dollars.
Notable clients: The Department of Defense and the Internal Revenue Service.
How it works: after you sign up for the Red Team, tasks will be sent automatically. Payouts within 24 hours.
HackerOne
HackerOne is known for having the largest number of rewards. At the moment, the amount has almost reached $ 20 million. You will have to break the API, IoT systems, and iOS and Android apps.
Notable clients: Uber, Yahoo, Starbucks, Adobe, Snapchat, US Department of Defense.
How it works: you register, sign up for a task, find a bug, send a report, and receive a reward via PayPal in a maximum of 7 days.
Cobalt
A young platform for small companies. There are no big payouts here, the fixed fork is $ 100-1000.
Notable clients: Weebly, Wix, Nexmo.
How it works: register as a tester. After completing the task, you must submit a report in the specified form and wait up to 30 days for payment. You will receive the money via PayPal or cryptocurrency.
Thanks to such hacker platforms, you can test your knowledge without crossing the line of the law. In addition, it is very fun: where else can you legally hack the website of the US Department of Defense, and even get several tens of thousands of dollars for it. It's a small matter to find a security breach.