December 6, 2016

New Service Brings Crowdsourcing to Penetration Testing

(LiveHacking.Com) – Crowdsourcing, a term first used back in 2006, has proved a popular way to outsource tasks to large groups or communities (i.e. “the crowd”), where small actions by large numbers can achieve quick results. This idea has now been adopted in the area of penetration testing. Hatforce.com is a new service which rewards ethical hackers for performing penetration tests for willing clients.

The idea is simple. A client signs up to the Hatforce.com web site and offers a financial reward, say $70, for every vulnerability found in their web site or software. Ethical hackers then sign up to Hatforce.com and sign a legal agreement giving them the authority to “hack” the client’s resource. If the hackers find any vulnerabilities, they are paid.

The idea of asking “the crowd” to engage in security-related tasks was popularized by Google with its Chromium Security Awards scheme. Under Google’s scheme, software developers are rewarded for finding security-related bugs in Google’s Chrome browser and in the WebKit HTML and JavaScript engine. To date, Google has paid out hundreds of thousands of dollars in rewards, and some people, like Sergey Glazunov, have become semi-famous for their consistent work in finding security holes.