Ever wanted to participate in a Bug Bash, but never got an invite or didn't know how to get on the list? Now's your chance!
There are limited seats, but we want to make sure everyone has a chance to participate. If you feel your skills are a great fit for the specifications listed below, please apply, and we'll work to review all applicants as quickly as possible.
For this bash there's going to be a heavy emphasis on testing some new Okta binaries - which is to say that if you're a pro with IDA Pro or Ghidra, then this may be the bash for you. Researchers with a strong background in reverse engineering or binary exploitation will be prioritized.
Of course, there's going to be a heavy dose of webapp scope for classical webapp vulnerabilities - so if you've got a strong background in testing SAML or IDPs, then you're probably a shoo-in for an invite as well.
And finally, we can't forget about the mobile and API components. If you're a certified mobile or API gangster, we'd love to have ya onboard to help make piles of money and help secure the world's leading SSO provider at the same time.
Also, if you've got a crew that's a finely tuned wrecking ball, collaboration is massively encouraged for this program, so bring your team and do some damage!
This program will take place with a two week pre-testing phase from June 28th to July 11th, with the main bash event itself taking place from the 12th to the 14th of July.
|Technical severity||Reward range|
|p1 Critical||$20,000 - $50,000|
|p2 Severe||$10,000 - $15,000|
|p3 Moderate||$1,000 - $2,000|
|p4 Low||$200 - $400|
The targets provide directory services, single sign-on, strong authentication, provisioning, mobile device management and API access management. It comes with built-in reporting, and integrates deeply with cloud, mobile and on-premises applications, directories and identity management systems.
The in scope applications utilize technologies like Kotlin, Java, Swift, Objective-C and more!
Rewards for this program are as follows:
|P1||$38,000 - $50,000|
|P2||$10,000 - $15,000|
|P3||$1,000 - $2,000|
|P4||$200 - $400|
Additionally, bonuses will be paid for accomplishing certain objectives, such as first P1, best collaboration, and finding the most bugs. There's opportunity aplenty for everyone (swag and physical prizes will also be provided for participants, as well as those who dominate specific categories)... it's gonna be a good time. Looking forward to seeing you there!