Hack-a-thon Finds 220 Bugs in Facebook, Google, Etsy

Hack-a-thon Finds 220 Bugs in Facebook, Google, Etsy: What do you get when you put some hackers in a room and give them a list of target Websites? They go bug-hunting!

That was what happened at Bug Bash 2013, an “internet-wide hack-a-thon” run by Bugcrowd at the AppSec USA conference in New York earlier this week. Approximately 80 people participated over the course of three evenings, and “hundreds” participated remotely over the Internet, said Casey John Ellis, founder and CEO of Bugcrowd. Participants submitted the bugs they identified to Bugcrowd, and the team replicated the conditions leading up to the error to confirm the issue.

The list of targets included companies like Facebook, Google, Etsy, Prezi, and Yandex. The security testers who took part identified over 220 bugs, Ellis said. For the most part, the issues were of the mundane run-of-the-mill variety, including some injection and bypass vulnerabilities.