The 10 vulnerabilities most commonly discovered by bug bounty hunters

guest · Oct 29, 2020

The 10 vulnerabilities most commonly discovered by bug bounty hunters in 2020
HackerOne's list was topped by cross-site scripting, and found improper access control and SSRF vulnerabilities
October 29, 2020
https://www.techrepublic.com/articl...nly-discovered-by-bug-bounty-hunters-in-2020/

Bug bounty platform HackerOne has released its list of the most commonly discovered security vulnerabilities for 2020, with the 10 vulnerabilities listed accounting for $23.5 million in payouts to white hat hackers hunting down bugs and reporting them on its platform.

HackerOne calls its top 10 list one of "the most impactful and rewarded vulnerability types," and it consists of the following, in descending order: [...]
Click to expand...

HackerOne has four key findings that it takes away from the list: The persistent threat of XSS, a rapid rise in improper access control and information disclosure, SSRF vulnerabilities becoming much more dangerous, and a decline in SQL injection attacks.

Topping the list for the second year in a row is cross-site scripting, which involves an attacker injecting code into a website to steal data, user credentials, and other information. 2020 saw a 26% rise in XSS bug payouts, and XSS accounted for 18% of all bugs reported on HackerOne.
In a small bit of good news, SQL injections, simple yet potentially devastating attacks, have been on the decline.
Click to expand...

Log in or Sign up

The 10 vulnerabilities most commonly discovered by bug bounty hunters

guest Guest

Log in or Sign up

The 10 vulnerabilities most commonly discovered by bug bounty hunters

guest Guest

Useful Searches