I got rewarded by Apptentive for reporting a server side and a sensitive data exposure issue in their website. I got a t-shirt and a certificate as a reward.
Author: Osanda Malith Jayathissa
Thanks from YouGetSignal
For reporting a DOM XSS vulnerability and 2 self XSS issues in yougetsignal.com, my name got published in the Thanks section 😉
http://www.yougetsignal.com/links/
Thanks to Kirk Ouimet for his kind co-operation 🙂
Acknowledged by Viadeo
I was able to report a bug in their official blog and my name got listed in their Thanks section 🙂
http://www.viadeo.com/aide/security/
Acknowledged and Rewarded by Zendesk
I really wanted to get my name on the Zendesk website. At first, when I saw the number of security researchers, I got amazed and thought I would never be able to find anything. But I didn’t give up. I was able to find a DOM XSS in the main website 🙂 I did not even test their interface; I just read all their arguments clearly and was able to find poor sanitization in the JavaScript code.
Read more about their policy: http://www.zendesk.com/company/responsible-disclosure-policy
Zendesk swag is still on the way 😉 Thank you guys very much! <3
Update: On 16th of October I received the Zendesk swag. 😉
Acknowledged by Attack-Secure
Attack-Secure is a leading real-world penetration testing course provider. They have a special White Hat program for reporting vulnerabilities. So I was able to find a security issue related to a plugin used by the server. I also got rewarded with their penetration testing course, Samurai Skills. Read more info on:
http://attack-secure.com/whitehat
Thank you very much for the Thanks and the reward! 🙂
For the Third Time in Nokia Hall of Fame
This time I found a vulnerable version of Apache in the HTTP header of a sub-domain in Nokia.com. For this, my name got published for the third time 🙂
http://www.nokia.com/global/security/acknowledgements/
Special Thanks to the Nokia Incident Response Team 🙂
Acknowledged by MailChimp
I was able to identify a sensitive data exposure in the MailChimp website. My name got listed as an acknowledgement.
http://mailchimp.com/about/security-response/
Thank you MailChimp security team 🙂