Hacking competitions that will get you noticed

  • Hack the Pentagon From the Hack the Pentagon announcement to the Facebook Hacker Cup, there are loads of opportunities for those new to security to either participate in educational hacking competitions or simply learn by watching others compete. Michiel Prins, co-founder, HackerOne, and Ryan Stortz, security researcher, Trail of Bits, offered up a list of popular competitions and what they like most about some of them.

  • Uber Engineering Bug Bounty The engineering security team at Uber has developed a bug hunter treasure map inviting hackers to find vulnerabilities in its cn.uber.com service, which communicates with the Android and iOS apps while Uber is in use. Prins said, "Uber’s program is unique because it offers a first of its kind loyalty program and the treasure map gives hackers unprecedented transparency."

  • Yahoo's Hack U The development network division at Yahoo!, Hack U, offers a platform for different hacking competitions with "no rules or limitations." Prins said, "Yahoo! has a large footprint on the web and diverse portfolio of products so there is always something new for bug hunters to find. This makes it a great program for newer hackers."

  • GitHub at the core of it all The GitHub Bug Bounty Program offers a minimum prize of $200. Prins said, "GitHub is a core product for nearly all development teams -- if you are able to hack it and report a vulnerability you are potentially helping millions."

  • Google Unlike the unencumbered opportunities at Hack U, Google Bug Hunter University is much more explicit about its boundaries and expectations. "Google’s program is great for bug hunters. They are very particular and transparent about how they determine bounty awards and what technology is in scope. Google’s Bug Hunter University is also a great resource for hackers wanting to look for bugs in Google and any other program," Prins said.

  • Capture the Flag (CTF) "Many competitions (mine included) target the CTF community and tend to punish new people. Much like jazz musicians, we build off of challenges from our peers to pay homage and to show off. Unfortunately this means challenge, sophistication, and difficulty goes way up in a horrible feedback loop," Stortz said. Competitions like PicoCTF and Microcorruption are specifically targeted at new players and the stages. "They are meant to slowly build up fundamental skills (and in the case of PicoCTF specifically - recruit you to Carnegie Mellon)," Stortz said.

  • A few more recommendations Dropbox -- They pay competitive bounties, they store a lot of data, and there are many components, such as the iPhone app and syncing with a computer. It is more than just a web app, which creates unique challenges and makes it a fun target for hackers. CyberCompEx is another community of highly skilled and talented researchers looking to connect through an online platform and various competitions. You can engage in a competition or view past competitions to get a taste of what they are all about.