Web security trends to watch for 2020 – 10 minute mail

What are web security trends for 2020? This year we anticipate the build-up of a new security market category, growing targets in automation, a new perimeter and continuation of DevSecOps. Here is what we are watching for in 2020:

Disposable mail's web security trends for 2020

Rise of the “Crowdsourced Security” market

Keeping up with the threat landscape is a common pain point for many developer teams and C-level personnel. In fact, 48% of developers in this survey know security is important but don’t have enough time to spend on it. Even with a good overview of your software asset inventory, the digitalization of companies requires modern and automated ways of working with security, which is why more companies are adopting Crowdsourced security: gathering security knowledge from external experts – ethical hackers and bug bounty hunters. This is the principle behind Disposable mail Crowdsource.

Crowdsourced security is an up-and-coming industry, and MarketsandMarkets reported that it will grow to USD 135 million by 2024. Bug bounty programs could be the first thing that comes to mind, but there are other companies in this space offering options that don’t require top dollar. For example, Disposable mail collaborates with ethical hackers to make their knowledge available through automation to users with or without a crowdsourced security program.

As mentioned in the Undetected podcast, some hackers report with goodwill, which is why setting up a responsible disclosure policy is a good way to begin working with ethical hackers. We even saw an example of such vigilance in the recent case of Citrix, where malicious hackers were exploiting the vulnerability widely for personal gain, while this report suggests there could be a vigilante using it to beat others to the punch. It would have been a challenge for Citrix to communicate with all their users at once to remediate the security bug, and with the reach of ethical hackers, the information has probably reached some companies sooner. For this reason, we anticipate that more companies will add Crowdsourced security services to their toolbox.

CI/CD automation becoming the low hanging fruit

Today, the low-hanging fruit is rarely a SQL injection in a website; attackers are instead looking elsewhere for easy access to sensitive information and internal servers: the automation process.

Given the growing use of CI/CD processes and tools, there are attack surfaces that, while not new, have become more critical. This means misconfigurations, the tools and dependencies used for deployment and orchestration, and the places where API tokens for integrations are stored are increasingly interesting to attackers.

Misconfigurations, especially when CI/CD tools are used in cloud environments, can accidentally leave internal data storage exposed online due to a lack of authentication or general security, as in this case with MongoDB. While some of these are caused by manual error, automation certainly doesn’t make it easy to evaluate the perimeter of your cloud environment. Accidentally exposing internal services or data to the public Internet seemed to be a growing trend throughout 2019 and is expected to keep growing in 2020.

Sometimes attackers dig even deeper than the code stored in your private code repositories: they go after the dependencies. This makes sense, because how often does an average organization review the source code of a Dockerfile that uses public images from Docker Hub? Running automated security checks in the background can help identify common security bugs and schedule fixes into the development cycle.
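The two weaknesses the paragraphs above single out, integration tokens stored in pipeline configuration and public base images pulled without review, can both be caught by a background check in the pipeline itself. The following Python script is an added example written for this page, not Disposable mail’s own tooling; the Dockerfile and pipeline snippet it scans are constructed samples, the base-image rule (require a digest or a fixed, non-`latest` tag) is the author’s choice, and the three secret patterns are a deliberately small illustration of what a real secret scanner matches.

```python
"""Added example: audit CI/CD artefacts for two of the weaknesses discussed above,
unpinned public base images and secrets committed in plain text.
The Dockerfile and pipeline text below are constructed samples, not real projects."""
from __future__ import annotations
import re

# Constructed Dockerfile: one floating tag, one digest pin, one untagged image,
# and a registry token baked into an ENV line.
DOCKERFILE = """\
FROM node:latest
FROM python:3.11-slim@sha256:0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
FROM nginx
ENV NPM_TOKEN=npm_AbCdEf0123456789AbCdEf0123456789AbCd
RUN npm ci
"""

# Constructed pipeline snippet (YAML-like, scanned line by line): a literal access
# key, a correct reference to the CI secret store, and a literal webhook URL.
PIPELINE = """\
deploy:
  env:
    AWS_ACCESS_KEY_ID: AKIAEXAMPLE000000001
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    SLACK_WEBHOOK: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX
"""

FROM_RE = re.compile(r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)", re.IGNORECASE)

# Small illustrative pattern set; a production scanner carries hundreds of these.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "npm_token": re.compile(r"\bnpm_[A-Za-z0-9]{36}\b"),
    "slack_webhook": re.compile(r"https://hooks\.slack\.com/services/T\w+/B\w+/\w+"),
}


def unpinned_images(dockerfile: str) -> list[str]:
    """Return every FROM reference that is not pinned to a digest or an explicit,
    non-'latest' tag. A digest pin (@sha256:...) is immutable and therefore accepted."""
    findings = []
    for line in dockerfile.splitlines():
        m = FROM_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if "@sha256:" in ref:
            continue
        # Split off the registry/path first so a registry port (host:5000/img) is not
        # mistaken for a tag.
        last = ref.split("/")[-1]
        tag = last.split(":", 1)[1] if ":" in last else None
        if tag is None or tag == "latest":
            findings.append(ref)
    return findings


def hardcoded_secrets(text: str) -> list[tuple[int, str]]:
    """Return (line number, pattern name) for each literal secret. Lines that pull the
    value from the CI secret store (${{ ... }} or ${...}) are the correct form and are
    skipped."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if "${" in line:
            continue
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name))
    return findings


if __name__ == "__main__":
    for ref in unpinned_images(DOCKERFILE):
        print(f"unpinned base image: {ref}")
    for source, text in (("Dockerfile", DOCKERFILE), ("pipeline", PIPELINE)):
        for lineno, name in hardcoded_secrets(text):
            print(f"{source}:{lineno}: hardcoded {name}")
```

Run as a pipeline step, a non-empty result from either function is a reason to fail the build: a floating tag means the image you reviewed last month is not the one you deploy today, and a literal token in a config file is already in your repository history. The `${` skip is intentionally simple; it trusts that anything read from the secret store is handled correctly downstream, which is exactly the thing a reviewer should still look at.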

Cloud-powered web apps become the perimeter to defend

Nothing in the cloud is inherently secure or insecure. Cloud service providers employ a shared responsibility model, which roughly means that what the user deploys on the provider’s service, and how, is the user’s responsibility. Most problems stem from improper access controls, through misused credentials or API tokens, or from misconfigurations in the services used, such as firewall rules that allow unrestricted access to internal data storage.

The sense of perimeter is different in cloud services (or at least some of them), because they introduce networking at the software level, and in addition to IP addresses, some resources have resource names and URLs that can be queried. A single “Great Firewall” at the edge cannot be replicated in cloud environments, where access rights need to be granted and blocked at the instance level or through role-based access control. Every cloud provider also ships with different default configurations: some may not deny traffic by default, or may not enforce strong passwords for data storage.
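The two misconfigurations named above, firewall rules that open internal data storage to the whole Internet and storage policies that allow anonymous access, are both straightforward to audit from an exported configuration rather than by guessing at the perimeter. The Python script below is an added example for this page, not a cloud provider’s or Disposable mail’s tooling; the rule set and bucket policy are constructed samples (the policy follows the AWS IAM policy-document shape, with a placeholder account id and VPC endpoint id), and the port table and function names are the author’s assumptions.

```python
"""Added example: audit two cloud-perimeter settings discussed above, ingress rules that
expose internal data stores to the Internet and storage policies granting anonymous
access. All rules and the policy document below are constructed samples."""
from __future__ import annotations
import ipaddress
import json

# Services that should only ever be reachable from inside the deployment (an
# assumption for this example; extend it to match your own inventory).
INTERNAL_DATA_PORTS = {
    3306: "mysql",
    5432: "postgres",
    6379: "redis",
    9200: "elasticsearch",
    27017: "mongodb",
}

# Constructed ingress rules in a provider-neutral shape. The last two are the kind
# of rule that accidentally turns a data store into a public service.
FIREWALL_RULES = [
    {"name": "web-https", "port_from": 443, "port_to": 443, "source": "0.0.0.0/0"},
    {"name": "db-from-app", "port_from": 5432, "port_to": 5432, "source": "10.20.0.0/16"},
    {"name": "mongo-debug", "port_from": 27017, "port_to": 27017, "source": "0.0.0.0/0"},
    {"name": "allow-all-v6", "port_from": 0, "port_to": 65535, "source": "::/0"},
]

# Constructed bucket policy in AWS IAM policy-document shape. The account id and
# VPC endpoint id are placeholders.
BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-exports/*"},
        {"Sid": "TeamWrite", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/exporter"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-exports/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-exports/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-PLACEHOLDER"}}},
    ],
})


def is_world_open(cidr: str) -> bool:
    """True for the 'anywhere' sources 0.0.0.0/0 and ::/0 (prefix length zero)."""
    return ipaddress.ip_network(cidr, strict=False).prefixlen == 0


def exposed_data_ports(rules: list[dict]) -> list[tuple[str, str]]:
    """(rule name, service) for each internal data port a rule opens to the world.
    Port ranges are checked, so a catch-all 0-65535 rule lists every service."""
    findings = []
    for rule in rules:
        if not is_world_open(rule["source"]):
            continue
        for port, service in sorted(INTERNAL_DATA_PORTS.items()):
            if rule["port_from"] <= port <= rule["port_to"]:
                findings.append((rule["name"], service))
    return findings


def is_anonymous(principal) -> bool:
    """A principal of "*" or {"AWS": "*"} means any caller, including unauthenticated ones."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_statements(policy_json: str) -> list[str]:
    """Sids of Allow statements that grant an anonymous principal with no Condition.
    Conditioned statements (e.g. restricted to a VPC endpoint) are left for manual
    review rather than reported, since the condition may or may not be sufficient."""
    policy = json.loads(policy_json)
    return [
        stmt.get("Sid", "<no sid>")
        for stmt in policy["Statement"]
        if stmt.get("Effect") == "Allow"
        and is_anonymous(stmt.get("Principal"))
        and "Condition" not in stmt
    ]


if __name__ == "__main__":
    for name, service in exposed_data_ports(FIREWALL_RULES):
        print(f"rule {name!r} exposes {service} to the Internet")
    for sid in public_statements(BUCKET_POLICY):
        print(f"statement {sid!r} grants anonymous access")
```

Two design points follow from the paragraphs above. First, the port check deliberately evaluates ranges, because the rule that bites in practice is rarely `27017 from anywhere` written on purpose but a catch-all `0-65535` added during debugging. Second, a provider that does not deny traffic by default makes the absence of a rule meaningful, so this kind of audit has to run against the effective rule set the provider reports, not only against the rules you wrote yourself.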

New web apps stretch the security perimeter each time, and companies that can scale security with development will keep up with the rate at which vulnerabilities are discovered and exploited. Not only do companies need to monitor the security of their own code, but it’s important to also check for security when acquiring third-party software tools and JavaScript. You may already spend a large portion of your budget securing your main application, and keeping track of the growing inventory of web applications will need just as much attention.

DevOps continues towards DevSecOps

Beyond external tools and sources for testing for misconfigurations, many cloud service providers offer a wide variety of services and tools to support security. However, as stated above, how these services are used and which security controls are implemented is up to the developers building things in the cloud. Cultivating a security culture amongst developers and taking advantage of the available security assessment tools can make a difference in any environment.

The web is becoming safer thanks to improved web development frameworks, regulations around data security and the increased know-how of developers, who are considering security earlier in the software development lifecycle. There’s a lot of talk about shifting left or pushing left, and for good reason. Developers in advanced tech organizations practice DevOps and see the importance of including security as part of their role, and (surprise!) the security bit isn’t slowing them down. Just take a look at companies like Netflix, Atlassian and Slack, which often speak about better app security at OWASP AppSec conferences and elsewhere. Security becomes an enabler and is scaled up together with development. This isn’t a new trend, but we expect it to continue to grow.

Make it a safer 2020

There is no silver bullet to security, and it is ultimately a sum of many things including threat-modeling, pen-testing, automated security, asset monitoring, etc. Leaders in SaaS and tech use a combination of Crowdsourced security, CI/CD practices, cloud-native solutions and a positive security culture like DevSecOps, which is why we are keeping an eye on these areas for 2020.

How can Disposable mail help with web security trends of 2020?

Disposable mail is the first company of its kind to automate the cutting-edge knowledge of the best ethical hackers in the world to secure public web applications. Users check web applications against 1500+ known vulnerabilities beyond the OWASP Top 10. In a fast-paced tech environment, the potential attack surface increases with each release and new app created. Using Disposable mail, you can monitor your subdomains for potential takeovers and remediate security issues in staging and production, and find vulnerabilities as soon as they are known, to stay on top of threats. Keep up with web security trends in 2020 with Disposable mail. Get a guided demo or try Disposable mail on your own with a 14-day free trial.

Written by: Laura Kankaala, Security Researcher

Edited by: Jocelyn Chan, Content Manager

Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Disposable mail launches a crowd-based security program to ensure an always updated service

We have strengthened our security team with a crowdsourced bug bounty program (currently in beta phase). The initiative, known as Disposable mail Crowdsource, allows us to bring in independent security researchers from all over the world. They will help us ensure that Disposable mail remains the most up-to-date and thorough security service for web applications.

“I’m confident that the only way to keep up with elevated security threats is to bring in the best ethical hackers in the world. Black hats move fast, so we need to move even faster. By inviting some of the world’s top security researchers to our platform we will combine automation with crowdsourcing for the first time”, says Rickard Carlsson, CEO of Disposable mail.

How does Disposable mail Crowdsource work?

The security researchers submit their findings to Disposable mail’s security team, who evaluate their Proofs of Concept before adding them to the service, ensuring only high-quality issues are implemented. The researchers will receive payouts based on the number of unique hits for their submission. The more critical the vulnerability is, the higher the payout level will be. The monetary rewards are processed through Bugcrowd, one of the most well-established marketplaces for bug bounty programs. The program is still in beta phase and we are currently improving functionality and inviting researchers.

“As organizations of all sizes face a growing number of cyber security threats it’s no surprise that more and more are turning to the power of the crowd to stay ahead of their adversaries,” said Casey Ellis, CEO, Bugcrowd. “Bug bounty programs have become a critical component of a comprehensive security strategy. Disposable mail’s adoption of this model is further proof of this, and we’re pleased to be able to facilitate that adoption.”

An extension of our top-ranked security team

Our Stockholm-based team already includes several prominent bug bounty hunters such as Frans Rosén. He is a top-ranked participant of bug bounty programs, receiving the highest bounty payout ever on HackerOne. He agrees with Carlsson that crowdsourcing is the way to go forward in an ever-changing security landscape:

“The best security researchers will never take a regular 9-5 job at your company, but they are more than willing to contribute with the latest security issues, keeping our service up-to-date and earning money at the same time. It is a win-win situation”, says Frans Rosén, who is well acquainted with the community of security researchers.

Carefully selected researchers

Disposable mail was founded by the world’s leading white hat hackers in 2013 and we are working hard on maintaining the same quality. Disposable mail Crowdsource will therefore grow slowly and we will distribute invitations as we are ready to add new researchers. One of the security researchers who has joined the initiative says:

“Disposable mail Crowdsource is a hybrid between traditional bug bounty programs and automated vulnerability scanners. Researchers can follow the amount of hits on their submitted module, which works as a stimulant. From a client perspective I’d say that the Crowdsource program is of value, making Disposable mail a scanning service backed by the “crowd”.”

[VIDEO] Learn more about Disposable mail Crowdsource from our CEO Rickard Carlsson and Co-Founder Fredrik Nordberg Almroth.

Interested in joining Disposable mail Crowdsource or have any questions about the initiative? Drop us an email: hello [at] detectify.com


Kristian Bremberg, Disposable mail Crowdsource community manager: “Crowdsourced security gives researchers freedom”

The Disposable mail Crowdsource platform allows security researchers to submit newly discovered exploits and incorporate them into Disposable mail’s automated security service. At the heart of the initiative is the community of skilled web security experts from across the globe. We have talked to our community manager Kristian Bremberg about his background, the art of building communities, and the power of the crowd.

Kristian Bremberg, Disposable mail Crowdsource

How did you get into web security?
I have always been interested in integrity and personal data. So many people are online nowadays that there is a natural link between integrity and web security. I eventually became active in the web security community, both on Twitter and on various forums. I established one of Sweden’s largest online communities for security researchers and arranged meetups that brought people closer together based on their joint interest in web security.

How did you come across Disposable mail?
I knew of Frans Rosén and other security experts, which is how I found out about Disposable mail. I thought it was an interesting product and I knew the people behind it were fantastic researchers. Over the years, I have followed the company’s development and security research content, and also contributed by writing technical guest blogs for Disposable mail Labs.

What is crowdsourced security?
Crowdsourced security gives researchers freedom. Instead of having to reach out to companies one by one, which involves figuring out who to contact and informing them about an exploit, they can submit a module to Disposable mail Crowdsource. As soon as their submission is processed, they know that their contribution will make an impact and help secure hundreds of websites. Disposable mail doesn’t just publish the vulnerability, but does something bigger with it by incorporating it into the scanner.

Based on your experience from building a web security community, what have you learnt about maintaining a community that functions well?
Communication is vital! Being able to understand what works and what doesn’t for the community members. It’s really important to listen to them and show them that their voice is being heard.

What does your role as community manager entail?
My key task is to communicate with researchers, listen to them, and encourage them to share feedback and ideas. There is also a more technical side to the role as I will be the researchers’ point of contact for questions related to module submissions, prioritized technologies and proofs of concept. I think the role fits me really well because I am interested in security and have experience in a range of programming languages, but I am also very social and enjoy communicating.

How can we reach out to the best ethical hackers?
It’s all about involving key personalities that play an important role in the community.

What makes Disposable mail Crowdsource unique?
The personal contact we offer researchers. We already have some well-established security profiles contributing to Disposable mail Crowdsource and we are working closely with them to build a tight-knit community, take time to get to know every researcher, and maintain the personal communication. On top of that, the platform allows researchers to reach out to a wider audience because Disposable mail has a global customer base. This way, submitting an exploit can really make a difference.

How is Crowdsource going to change Disposable mail’s service?
It will definitely improve the scanner, the modules will be even better because they will be updated more frequently and will cover more programming languages and technologies. It will also make a difference for the community; ethical hackers will see Disposable mail in a new light, as a company that understands how they work, allows them to contribute to the tool and gives them better reach.

To find out more about Kristian’s work, follow him on Twitter @dotchloe. If you have any questions about Disposable mail Crowdsource, let us know at hello[at]detectify.com!


Newly added security tests March 15, 2017: WordPress, Joomla and Drupal

To bring you the most up-to-date security service and help you stay on top of threats, we update Disposable mail on a regular basis. Here are some of the security tests added to the tool with our latest release:

  • testcgi.exe XSS
  • WordPress NextGEN SQL injection
  • WordPress soundcloud-is-gold XSS
  • WordPress userpro XSS
  • Joomla! com_news SQL injection
  • Joomla! com_publication SQL injection
  • Joomla! com_filecabinet SQL injection
  • Joomla! com_frontpage SQL injection
  • Joomla! com_webgrouper SQL injection
  • Joomla! com_phocadownload SQL injection
  • Joomla! com_jdownloads SQL injection
  • Drupal error_log disclosure
  • PHPSysInfo Open Access
  • SSH Private Key Exposure
  • myDBR XSS
  • Jobportals XSS

Happy scanning!
The Disposable mail Team


How to become a Disposable mail Crowdsource hacker

Disposable mail Crowdsource is a platform where hackers can submit vulnerabilities in web applications. Their findings are reviewed by our security team, and built into our web security scanner so that our customers can test if they are vulnerable. For each unique hit we find on one of our customers’ websites, the hacker earns a bounty.

The platform has been running for more than 6 months, and during this time, hackers from all over the world have helped us make the Internet more secure. Since the platform’s launch, we have gotten a lot of interest from hackers around the world. With this article, we would like to shed some light on how you can get the most out of Crowdsource and what qualities we look for when we handpick hackers to join our invite-only program. Here’s how you can do good while making money!

The skillset of a Crowdsource hacker

Many hackers interested in joining Crowdsource ask us how they can earn money on the platform. Researchers get monetary rewards for each unique hit, which is why the most successful submissions are those that affect many systems and generate a high number of hits. The more widely used the affected technology, the more hits the module generates, and the researcher gets a monetary reward for each unique target that is vulnerable.

Submissions with a high severity (SQLi, RCE, SSRF) will both earn many points on the leaderboard and generate hits faster, while submissions with low or medium severity (XSS, CSRF, Open Redirect) often have a stable increase of hits over time. For example, one hacker submitted an open redirect in a very common Flash file. Because this Flash file was included in many content management systems, the vulnerability affected many of our customers, which led to a high bounty (over 1400 dollars in total) over a two-week period.

Every Crowdsource hacker has a unique style and focus. Some prefer submitting vulnerabilities in common content management systems such as WordPress, Joomla and Drupal, while others prefer enterprise products, large or small, like JetBrains and Solr. Some hackers focus on misconfigurations, which can affect most systems regardless of which web application is used.

We see a wide range of both new and old techniques for finding and exploiting vulnerabilities. Even a vulnerability with low severity can generate a large number of hits when many sites are affected.

As you can see, Crowdsource offers plenty of opportunities to submit vulnerabilities with the potential to generate a lot of hits! Which tactic to use when submitting vulnerabilities to Crowdsource is up to the hacker; however, we are mostly looking for hackers who are really knowledgeable in specific products and areas. Right now we are interested in Magento, WP, and .NET/Episerver researchers.

How to become a (good) Crowdsource hacker

Crowdsource invites hackers with a good reputation who follow responsible disclosure policies; black-hat methods are not accepted. Once we have accepted your request, you can go right ahead, create an account and start submitting vulnerabilities!

When you submit a vulnerability, you don’t need to write a highly detailed description; all we need are details showing how to exploit the vulnerability. If you submit a proof of concept, that’s even better! Before submitting a vulnerability you should make sure it’s not a duplicate. Take a look at the list of all modules so you don’t waste time submitting something that has already been submitted by someone else.

If you think you are the right person for Crowdsource, you can simply request an invite! You can do so by sending an email with a short introduction to [email protected]


Disposable mail Crowdsource monthly recap | July 2017

Disposable mail Crowdsource is our crowdsourced security initiative that allows us to implement white-hat hacker knowledge into our service and work with the world’s best security researchers. Read our community manager Kristian Bremberg’s recap to find out what’s been going on in the Crowdsource community last month.

In July, Crowdsource has gotten many interesting submissions from hackers around the world, proving that hacking is in full swing even during the summer months.

From enterprise systems to content management platforms

This month’s submissions vary in severity and cover a wide range of technologies, including enterprise systems and consumer content management platforms.

Many of the submissions are vulnerabilities that affect WordPress plugins. However, we have also received submissions with a high severity (Remote Code Execution and SQL injection) affecting rather exotic systems. The variety in July’s submissions shows that we can find vulnerabilities in most systems thanks to the diverse skillsets of our Crowdsource hackers.

Over 800 hits

Crowdsource submissions are built into the Disposable mail service, allowing us to scan hundreds of websites for the submitted vulnerabilities. This way, researchers can extend their reach and make an impact with the help of automation while getting paid for every unique finding based on their submission.

[Chart: Disposable mail Crowdsource total hits, July 2017]

In July, Crowdsource submissions generated over 800 hits on our customers’ sites, bringing the total number of hits since the platform’s launch to 5940. That’s 5940 vulnerabilities discovered by modules based on Crowdsource hackers’ security research, a number that continues to grow as our customers run Disposable mail scans on their web applications. White hat knowledge leveraged by the power of automation is a force to be reckoned with!

Crowdsource improvements

To make the Crowdsource experience better for our hackers, we have added several improvements to the platform, such as the frequently requested ability to stay anonymous on the leaderboard, and faster payouts via BugCrowd.

As Crowdsource continues to grow, Disposable mail security researcher Linus Särud will be joining the Crowdsource team. Linus has been working at Disposable mail for over 2 years and will help us develop the platform so that our customers can access even more white hat hacker knowledge.

Stay tuned for next month’s Crowdsource update!


Why manual pentesting and automation go hand in hand

Security testing has historically been driven by annual compliance audits, but the rapid changes in web security require a new approach. In this article, we explain why manual pentesting and automation are a great fit and how you can combine them to improve your web application’s security.

It’s time for a new approach to web security

Although manual penetration testing and automated security testing are very different, they are not mutually exclusive. On the contrary, combining their strengths results in a broad and effective approach to security.

Performed by skilled security experts who try to compromise a web application, in-depth manual pentests help discover vulnerabilities and identify complex attack vectors. However, the amount of code pushed live every day poses a challenge as it is increasingly difficult for security teams to keep track of the latest threats.

This is where automated security testing comes in. Running against a web application on a regular basis, automated testing tools are continuously updated with new security tests. With the help of automation, vulnerabilities can be discovered before new code is pushed to production.

Combining Manual Penetration Testing and Automation

The benefits of combining manual penetration testing and automated security testing

Increase the frequency of tests and extend their coverage
With the help of automation, developers can identify and remediate security issues quickly and effectively. With scheduled scans, emerging threats are addressed throughout the development cycle, keeping the web application safe between manual penetration tests.

Improve security knowledge inside the organisation
Knowledge is spread across the development team instead of being limited to a security team or external security experts. This way, security becomes a core value and a natural part of the development process that is considered from the very first line of code.

Maximise the value of manual penetration testing
Security issues are fixed by the development team before new code is deployed to production, allowing pentesters to focus on more complex attack vectors.

How Disposable mail complements penetration testing

Easy to use
Disposable mail’s simple-to-use interface, integrations with popular developer tools, team functionality, and informative reports make it easier for you and your team to work with security.

Made for tech teams by ethical hackers
Whether you work with vendor management, dev ops, development, or security, Disposable mail helps you integrate security into your workflow.

  • Disposable mail’s extensive knowledge base with code examples helps your team learn about security and write safer code.
  • Set up your staging environment using Disposable mail and ngrok.
  • Fix security issues before deploying new code to production.
  • Disposable mail integrates with tools like JIRA, HipChat, Slack, PagerDuty and Zapier, making it easier to track your website’s security status.
  • New tests are added to the scanner on a continuous basis.

Always up-to-date
To deliver the most up to date and relevant security tests to clients, we have extended our team with external ethical hackers through Disposable mail Crowdsource, our crowdsourcing platform. This enables us to challenge the hacker community to identify new vulnerabilities which we build into our service, covering a wide range of technologies.


3 ways white-hat hackers can help you protect your website

White-hat hackers are experts at discovering vulnerabilities and they want to help you improve your security. You may never be able to hire them for a full-time position, but they can play a key role in protecting your web application. Here are three ways to leverage their knowledge and keep your website safe.

1. Responsible disclosure

Most companies first approach the security community by implementing a responsible disclosure policy. Responsible disclosure allows security researchers to look for vulnerabilities and report them to the vendor without running the risk of legal action. Having a responsible disclosure policy in place signals that an organisation is open to vulnerability reports from white-hat hackers.

[Infographic: Responsible disclosure]

Tech giants in Silicon Valley were the first to implement responsible disclosure despite having security teams of their own. This shows that everyone, regardless of organisation size and the level of internal security knowledge, can benefit from asking white-hat hackers for help.

Getting started

Before you go ahead and implement a responsible disclosure policy, make sure you have the resources and a process to follow up on vulnerability reports. Receiving your first report can be stressful, but establishing a routine for evaluating reports and fixing vulnerabilities will help you keep your security work structured. If you’d like to get started with responsible disclosure, you can take a look at our Guide to Responsible Disclosure, which answers some commonly asked questions.

2. Bug bounty

If responsible disclosure is the first step towards bringing businesses and white-hat hackers closer together, bug bounty is what comes next. Bug bounties are essentially responsible disclosure programs that reward white-hat hackers for reporting vulnerabilities. The rewards can be anything from t-shirts and stickers to payouts adding up to thousands of dollars.

[Infographic: Bug bounty]

Bug bounties often receive considerable attention in the media, especially when large monetary rewards are involved. You may have heard of companies like Google paying out immense sums to white hats who reported critical vulnerabilities to them. Back in 2014, our security researchers discovered a vulnerability that gave them read access to Google’s production servers, which resulted in a $10,000 bug bounty. However, this is by no means the biggest bug bounty payout of all time!

Getting started

The majority of companies do not run bug bounty programs on their own, but partner with a dedicated platform like HackerOne or BugCrowd. Using a platform makes it easier for the organisation to structure their bug bounty program and get access to white-hat hackers who can help them find vulnerabilities.

3. Automated bug bounty – Disposable mail Crowdsource

With responsible disclosure and bug bounty programs, companies can only remediate one vulnerability at a time. Turning to the security community is a step in the right direction, but what if white-hat knowledge could scale? This is a question we are aiming to answer with our crowdsourced security platform Disposable mail Crowdsource.

Disposable mail Crowdsource is an invite-only ethical hacking platform that combines bug bounties with automation. Skilled white-hat hackers discover vulnerabilities in widely used technologies and submit their findings to Crowdsource. All submissions are reviewed by Disposable mail’s security team, and those that are accepted are built into the Disposable mail scanner. This way, every submission is turned into a security test that runs on our customers’ websites.

Figure: Disposable mail Crowdsource

Instead of only securing a single web application, one vulnerability report can secure thousands! Every time the security test identifies a vulnerability, the white-hat hacker who submitted the finding gets a payout.

White-hat hackers who submit their findings to Disposable mail Crowdsource can also participate in traditional bug bounty programs as we don’t require exclusivity. As long as the discovered vulnerability can be automated, we’re interested in it!

Getting started

If you use Disposable mail to monitor your security, you are already benefiting from what Crowdsource has to offer. Every time you scan your web application with Disposable mail, your scan includes crowdsourced security tests. All findings that were discovered using a module from Crowdsource are tagged with the “Crowdsource” tag.

If you are not using Disposable mail yet, you can give it a try by signing up for our free trial that gives you access to all Disposable mail security tests, including those sourced from Crowdsource.

Figure: All findings sourced from Disposable mail Crowdsource are tagged with the “Crowdsource” tag


Bug Bounty and Automation make a formidable pair together

It takes more than one security tool to keep an organization and its web applications secure against vulnerabilities. Bug bounty programs and automated security scanning are two growing areas in cybersecurity used by many companies today. In this article, we look at how bug bounty programs and automation complement one another to deliver better web application security.

Get the best of both options
Many have already heard of bug bounty programs or automated web security, and may even be running one as part of their security strategy. A bug bounty program invites ethical hackers to report security vulnerabilities found on the company’s websites in exchange for a reward, which is often monetary. Automated scanners like Disposable mail are effective at doing a scheduled wide sweep across your web applications to check for common vulnerabilities.

At Disposable mail, the security tests built into our scanner are sourced from our internal team and the Disposable mail Crowdsource network of 150+ white-hat hackers. These two layers of security complement one another and leverage crowdsourced knowledge to provide improved coverage. We’ve highlighted a few advantages of combining bug bounty programs and automated security testing.

Figure: How bug bounty programs and automation complement each other

Maximize the value of your bug bounty program
Automated scanners are effective at auditing your web application security across a wide scope and at detecting low-hanging fruit. This allows you to narrow the scope of your bug bounty programs to key focal points as needed. The automated solution can catch common vulnerabilities like the OWASP Top 10, while bug bounty hunters can go deeper into your code and deliver sophisticated hacks like ACME XSS or Upload Policies exploits. At Disposable mail, we have top-ranked ethical hackers on our team, which means we are able to automate advanced research findings like the aforementioned into our tool.

Continuous coverage
Bug bounty programs have become a great asset to security teams, as they can get help from ethical hackers that is tailored to their needs. Submissions may come during organized events, like those run by Bugcrowd or HackerOne, or throughout the year if there’s a public bug bounty program running. Some security teams use automated security scanners to audit web application security on a weekly basis between bug bounty events. This provides constant coverage and catches common flaws that are easily fixed by a developer in a dynamic scanning environment.

Encourage security awareness within the organization
When working with ethical hackers in bug bounty programs or on a platform like Disposable mail Crowdsource, you receive the vulnerabilities found, a proof of concept, and remediation tips. This gives security and developer teams educational material on how to spot such issues and helps establish a preventative mindset.

Stay at the forefront of security
When a vulnerability submitted by a Disposable mail Crowdsource ethical hacker has been validated by our engineering team, we build it into our tool right away, making it available to all our customers at once. This ensures that knowledge is shared with our entire customer base. We update our tool bi-weekly, keeping all our customers at the forefront of security.

Scanning with an adjustable scope
With Disposable mail, you can set the scanner to check for 1000+ known vulnerabilities on your entire domain or on a specific path or subdomain. This can reduce duplicate reports of known bugs, and you can set your bug bounty scope to go after things not covered by the Disposable mail tool, often more complex bugs found deeper in a system. You can also include scanning behind login and check for subdomain takeovers with our domain monitoring service.

Vulnerabilities detected can be shared with developers
When Disposable mail lists the vulnerabilities found, this information is shown in the tool with guidance on where to find the code error, an explanation of each bug, and remediation tips. This information is available to all users, which means security teams and developers can access the same information, and vulnerabilities can be acted upon as soon as a scan is completed.

False negatives found can be built in
If your bug bounty program finds a false negative, we can build a security test into the scanner using the proof of concept provided by the bug bounty hunters. Your scanner will then monitor for the vulnerability going forward.

Disposable mail is an automated web application security scanner and we work with our Disposable mail Crowdsource community of 150+ ethical hackers to research security tests and improve our tool continuously. Are you ready to trial Disposable mail with your bug bounty program? Sign up for an account and scan with a free trial here.
