Skyscanner

  • $100 – $8,000 per vulnerability
  • Safe harbor

Skyscanner is now offering higher rewards for valid, in-scope vulns regardless of priority!

Skyscanner’s bug bounty program covers both of its mobile apps and the majority of the website, and all subdomains are now in scope of this programme (unless explicitly excluded).

Some of the key areas researchers should focus on are:

  • Booking platform
  • User account profile
  • Partner Portal
  • APIs
  • Mobile apps (iOS, Android)

Scope

This program is different from others as it pays higher rewards for findings in its focus areas for all submissions, regardless of priority rating. There is also a wide scope (now covering all of its subdomains), and researchers are encouraged to do reconnaissance of Skyscanner’s whole platform.

Skills

This is an attractive program for researchers who:

  • Have skills in e-commerce flows
  • Are creative with the exploitation of flows
  • Can demonstrate a clear impact – Skyscanner wants to know quickly how serious an issue is under initial review.

There is particular interest in high-impact business logic vulnerabilities.

Looking at the world we are in today and the level of uncertainty we face, now is the time to get started enhancing your skills, and Skyscanner’s program is a great opportunity to do so. This program offers monetary rewards for the first submitted report of a vulnerability. So if you are looking to enhance your skills and make a few extra dollars, this program is great for you!

Check out this case study for more information: https://www.bugcrowd.com/customer/skyscanner/

If you have any questions, please reach out to support@bugcrowd.com.

Good luck and Happy Hunting!