- Since 2001, has worked with over 45k ethical hackers to detect flaws
- Voluntarily disabled some security systems for participating researchers
Southeast Asia’s top eCommerce platform Lazada has concluded its latest live bug bounty with YesWeHack, a leading global Bug Bounty and Vulnerability Disclosure Policy (VDP) platform. The two-day live bug bounty program, held at the Hack In The Box Security Conference (HITBSecCONF 2022), resulted in 115 vulnerability reports submitted by the researchers present at the event, who included some of the best security researchers in the world.
After running a successful two-year Bug Bounty program with YesWeHack, Lazada scaled the program to the next level this year at HITBSecCONF 2022. The event allowed Lazada to have its applications tested over a set period while meeting the researchers in person to discuss their discoveries, giving Lazada exclusive insight into the vulnerabilities found.
Lazada wanted to use this live event as an opportunity to have its security tested in depth. To enable this, the company voluntarily disabled a number of protection mechanisms for participating researchers, and only for the duration of the event, letting them test its systems and applications extensively. For instance, researchers were able to bypass the Web Application Firewalls (WAFs) for the entire length of the event, allowing them to attack the e-commerce platform’s sites and services directly. Lazada chose to disable the WAFs because, although a WAF blocks the majority of attacks, it is not infallible, and findings made without it reflect the applications’ own defenses rather than the perimeter’s. In addition to the WAFs, Lazada also disabled other security solutions typically used as a first line of defense, giving the hackers the chance to test its applications in greater depth.
“Accomplishing a live program at this scale demonstrates Lazada’s commitment to security and its progressive stance towards bug bounties. By engaging with the broader community, the eCommerce service is placing an unprecedented level of trust in ethical hackers to further improve security, transparency, and data privacy and protection. We are happy to contribute to yet another successful collaboration with Lazada,” said Kevin Gallerin, CEO APAC, YesWeHack.
“Securing clients’ data and protecting it from any future incidents is of the highest importance at Lazada. Having some of the best security researchers in the world in the same room as us is an exceptional opportunity to learn and exchange—especially for the red team, who mount deliberate attacks on our systems daily to identify and fix vulnerabilities,” said Bruno Demarche, who leads the Red Team & Security Testing Team at Lazada Group.
“The live bug bounty program was a rewarding experience for Lazada and YesWeHack alike. The teams were able to uncover quality results, which have already given us ideas about how we can improve our internal testing procedures for our applications and services to ultimately better safeguard Lazada’s customers and partners,” said Yuezhong Bao, Head of Cybersecurity, Lazada Group.
Lazada’s partnership with YesWeHack began in January 2020 with a productive 18-month private bug bounty program. The partners then continued to expand the scope of their collaboration, and Lazada opened its program to the public in 2021, with rewards of up to US$10,000 per bounty. Since then, the company has worked with more than 45,000 ethical hackers to identify flaws in its app and systems to attain maximum security and protection across its platforms.
The collaboration with Lazada has also allowed YesWeHack to further grow its community of cybersecurity experts and to position the company as the leading bug bounty player in Asia Pacific. Since 2019, YesWeHack has served more than sixty clients from its Asia Pacific headquarters in Singapore, including large BFSIs, tech unicorns and government bodies. With growing market demand for the crowdsourced security model, 40% of YesWeHack’s security researchers are based in Asian countries, and 30% of its clientele comes from Australia, China, Indonesia, Malaysia, and Singapore.