Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Advertise

About Us

Author

Profile of Jason Haddix

Vice President of Researcher Growth at Bugcrowd

Member Since: 12/15/2016
Author
News & Commentary Posts: 3
Comments: 0

Jason is the head of trust and security at Bugcrowd. Jason works with clients and security researchers to create high value, sustainable, and impactful bug bounty programs. He also works with Bugcrowd to improve the security industry's relations with researchers. Jason's interests and areas of expertise include mobile penetration testing, black box Web application auditing, network/infrastructural security assessments, and static analysis. Before joining Bugcrowd, Jason was the director of penetration testing for HP Fortify, and also held the #1 rank on the Bugcrowd leaderboard for 2014.

Articles by Jason Haddix

View Content By Month

Your Life Is the Attack Surface: The Risks of IoT

1/8/2019
To protect yourself, you must know where you're vulnerable — and these tips can help.
Post a Comment

Private, Public, or Hybrid? Finding the Right Fit in a Bug Bounty Program

10/5/2017
How can a bug bounty not be a bug bounty? There are several reasons. Here's why you need to understand the differences.
Post a Comment

The Bug Bounty Model: 21 Years & Counting

12/29/2016
A look back on the beginnings of crowdsourced vulnerability assessment and how its robust history is paving the way for the future.
Post a Comment

Hot Topics

Editors' Choice

Why Vulnerable Code Is Shipped Knowingly

Chris Eng, Chief Research Officer, Veracode, 11/30/2020

Security Slipup Exposes Health Records & Lab Results

Dark Reading Staff 12/2/2020

Webinars

Data Protection 101 - 12/10 @ 11am EST

Architecting Security for the Internet of Things

Defense and Response Against Insider Threats & User Errors

Webinar Archives

White Papers

Exclusive IT Trend Report: Chatbots

The $500,000 Cost of Not Detecting Good vs. Bad Bot Behavior

Addressing Complexity and Expertise in Application Security Testing

All In, Online Gaming & Gambling

How to Measure & Reduce Cybersecurity Risk in Your Org

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: I think the boss is bing watching '70s TV shows again!

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Malware Threat Landscape

Download this report to learn about the real makeup of online threats, as reported by the defenders who see them every day.

Download Now!

How Data Breaches Affect the Enterprise (2020)

0 comments

How IT Security Organizations are Attacking the Cybersecurity Problem

0 comments

Special Report: Understanding Your Cyber Attackers

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2020-26246
PUBLISHED: 2020-12-03

Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions.

CVE-2020-29279
PUBLISHED: 2020-12-02

PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution.

CVE-2020-29280
PUBLISHED: 2020-12-02

The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the search.php page.

CVE-2020-29282
PUBLISHED: 2020-12-02

SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.

CVE-2020-29283
PUBLISHED: 2020-12-02

An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]