eLearnSecurity Blog

WANTED: Microsoft Bug Bounty Hunters, 500 USD Reward

eLearnSecurity students, go get yourself a bounty with Microsoft’s Online Services Bug Bounty Program!

Microsoft announced a bug bounty program for its web services starting with Office 365 which offers IT security researchers across the globe a minimum 500 USD reward for submitted vulnerabilities.

Some eligible vulnerability submission types include Cross-Site Scripting (XSS), Cross Site Request Forgery (CSRF), Injection Vulnerabilities, and Authentication Vulnerabilities. Submissions should include concise reports and steps that are understood easily.

Office 365 Bug Bounty Program

Microsoft HQ | Photo source: itpro.co.uk

Microsoft HQ | Photo source: itpro.co.uk

Senior security lead for Microsoft Office 365, Travis Rhodes, outlined the reasons for launching the program and emphasizes that they are taking security very seriously.  “We work hard to develop secure software and defend our services from breaches, but we recognize that security is a journey and not a destination, and we are always looking for ways to move faster.”

The objective of this bug bounty program is to expose significant vulnerabilities that have a direct impact to the security of Microsoft users and their data. Microsoft has noted the eligible and non-eligible submissions as detailed in their post. We suggest you go through the terms and conditions to make sure you are following their guidelines.

You can view the terms here: Online Services Bug Bounty Terms

Pentesting Web Applications

This is exciting news to all our eLearnSecurity Web Application Penetration Testing (WAPT) students! You can you can apply what you have learned from our hands-on training course about web application security. Still need to learn how to do it? Start the WAPT course for FREE here

WAPT Trial

Learn to pentest web applications. Get your FREE DEMO of WAPT.

Tags: ,

1 Comment

Leave a Reply

Your email address will not be published.

Go to top of page