Detectify Crowdsource is a platform for ethical hackers to scale the impact of their bug hunting through automation. Ethical hackers submit vulnerabilities they find in widely used technologies that are then automated and made available to thousands of Detectify customers around the globe to enable them to secure their external attack surface. Each time a vulnerability is found in a unique customer asset, a bounty is paid to the ethical hacker who submitted the vulnerability.
Earlier this year, we facilitated a survey to learn more about our community of elite ethical hackers. We have subsequently used many of these insights to inform our product roadmap in 2022 and as we plan for next year. We asked a variety of questions, ranging from how many hours per week they spend hacking to what motivates them to keep hacking. We had nearly 200 ethical hackers participate in our survey, most of whom are members of Detectify Crowdsource. We summarized a few learnings from our survey to share with those interested in hacking with Detectify Crowdsource.
Over 50% of our users are experienced security engineers
Detectify Crowdsource challenges ethical hackers to find vulnerabilities in technologies used most frequently to build web applications. It was no surprise to us to learn that most survey respondents primarily hack technologies associated with web apps. However, we were pleased to learn that over 50% of our community members work as security engineers in their professional lives.
We also learned that 30% of our community of ethical hackers have 5 or more years of experience as ethical hackers. This not only means that Detectify’s EASM customers benefit from vulnerabilities found by experienced security engineers, but that our members also get to learn from other skilled members. We set a high bar to join our community and we are glad to see this reflected in our survey results.
Ethical hackers join Detectify Crowdsource to earn and learn
We’re pleased to learn that we have such a talented community of ethical hackers. However, we know it takes more than a compelling reward system to keep our members engaged. While 34% of survey respondents said that earning money is their top reason for hacking, a whopping 36% claimed that they hope to advance their career and learn through ethical hacking.
There are many resources to improve your ethical hacking skills, and while we may be a little biased about some of our own content, we’ve listed some of our favorite resources:
- Hakluke (https://hakluke.com/)
- InsiderPHD (https://www.youtube.com/@InsiderPhD)
- tl;dr sec (https://tldrsec.com/)
- Frans Rosén (https://twitter.com/fransrosen)
- Farah Hawa (https://www.youtube.com/@FarahHawa)
Our EASM solution is powered by ethical hackers – we take that seriously
Detectify’s EASM platform tests our customers’ Internet-facing assets for vulnerabilities we’ve crowdsourced from our community of ethical hackers. Each time a vulnerability is discovered in a unique customer asset, the reporter of that vulnerability earns a bounty (no limit on earnings so long as that vulnerability is present in our customers’ attack surfaces). From day 1, we have prioritized support of our community – from quickly resolving issues to answering questions. We were reminded of how important a responsive team is when nearly 40% of survey respondents said that a responsive team is what makes a bug bounty platform most attractive.
Scale the impact of your next vulnerability finding with Detectify Crowdsource
Wondering how you can join our community of leading ethical hackers? Try out our signup challenge to see if you have the experience needed to join Detectify Crowdsource here.