Microsoft Defender Bounty Program: Rewards up to $20,000 USD
Microsoft has launched the Defender Bounty Program, which aims to strengthen the security of its customers' experience by incentivizing researchers with rewards of up to USD 20,000.
Through this program, Microsoft encourages researchers to identify security vulnerabilities in its Defender suite of products, which includes antivirus, endpoint security, and cloud security products and services.
By working collaboratively with security researchers, Microsoft aims to identify and address potential security issues before they can be exploited by malicious actors.
Researchers from around the world are invited to take part in the Microsoft Defender Bounty Program to find vulnerabilities in Defender products and services.
Over time, the Defender program will grow to include more products under the Defender brand. Initially, it will focus only on Microsoft Defender for Endpoint APIs. Submissions that meet the requirements can receive bounty payments ranging from $500 to USD 20,000.
The main goal of this program is to uncover significant vulnerabilities, subject to the following requirements for bounty awards:
- Identify a vulnerability in the listed in-scope Defender products that was not previously reported to, or otherwise known by, Microsoft.
- Such vulnerability must be of critical or important severity and reproducible on the latest, fully patched version of the product or service.
- Include clear, concise, and reproducible steps in writing or video format.
- Provide our engineers with the information necessary to quickly reproduce, understand, and fix the issue.
To assess researchers' submissions more quickly, Microsoft asks that they include the following information:
- Submit through the MSRC Researcher Portal.
- Indicate in the vulnerability submission which high-impact scenario (if any) your report qualifies for.
- Describe the attack vector for the vulnerability.
Awards:
Rules of Participation
- Any Denial of Service testing.
- Automated testing of services that generates significant volumes of traffic.
- Attempting to deceive others, including our staff, using phishing or other social engineering techniques. This program's scope is limited to technical vulnerabilities in the designated Microsoft Online Services.
Source credit: cybersecuritynews.com