Bug bounty program websites List for ethical hackers

What is Bug Bounty Program for penetration Websites?

Bug bounty program offered by many Famous and Private Static and Dynamic websites and software developers by which individuals can receive recognition programs and compensation for reporting bugs And Security Researchers comes in website for penetration testing and then Report Ethically.

What is Ethical Hacker ?

There are four types of Hackers are :

WhiteHats : Mean Ethical Hacker , Security Researcher , Penetration .

BlackHats : Mean Negative , If BlackHats Find the Vulnerability then they will go for Exploit rather then Ethical Report.
GrayHats : Mean Power of two , They are Positive and also Negative well its depend on Situation.
Anonymous : Mean Only work for patriotism.

Bug Bounty Program / Private and Famous Website List:

http://www.123contactform.com/security-acknowledgements.htm
https://hackerone.com/4chan/thanks
http://www.activecampaign.com/security/
http://helpx.adobe.com/security/acknowledgements.html
https://www.airbnb.com/help/policies/responsible_disclosure#responsible_disclosure_policy
https://www.appcelerator.com/privacy/responsible-disclosure-of-security-vulnerabilities/
http://support.apple.com/kb/HT1318
http://www.androidfreeapp.net/security-researcher-acknowledgments/ (May 2014)
https://www.apptentive.com/contact/
https://www.appointlet.com/
https://artsy.net/security
http://www.audiomack.com/about
https://barracudalabs.com/research-resources/bug-bounty-program/bug-bounty-hall-of-fame-2/
https://getbase.com/security/
http://ca.blackberry.com/business/enterprise-mobility/mobile-security/incident-response-team/collaborations.html (2014)
http://www.blesta.com/responsible-disclosure/(CORE-931)
• Bidmail — http://www.bidmail.com/index.php/contact/
• Big Commerce — http://www.bigcommerce.com/about-us/
• Birst — http://www.birst.com/security-reporting
• Bitcasa — https://support.bitcasa.com/hc/en-us/articles/202210658-How-To-Responsibly-Report-Security-Concerns
• Bufferapp — https://bufferapp.com/security
• Bugcrowd — https://bugcrowd.com/bugcrowd/hall-of-fame
• Bugherd — http://bugherd.com/security
• Calameo — http://en.calameo.com/content/about_calameo-about-calameo.htm
• Calendar Budget — https://calendarbudget.com/support2/open.php
• Cisco — http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
• Cloudflare — https://hackerone.com/cloudflare/thanks
• Colupon — https://bugcrowd.com/c028
• Commando IO — https://commando.io/security.html#hall-of-fame-section
• Compilr — https://compilr.com/forum/security-thanks
• Comodo Dragon — http://www.comodo.com/contact-comodo/contact-us.php
• Coinbase — https://hackerone.com/coinbase/thanks
• Constant Contact — http://www.constantcontact.com/about-constant-contact/security/report-vulnerability.jsp
• Crowdrise — http://www.crowdrise.com/UnitedRelief-ARC (Reward ($100) Donated to Typhoon Haiyan Victims in the Philippines [2013])
• Deutsche Telekom — http://www.telekom.com/security/acknowledgements
• Dell Secureworks — http://www.secureworks.co.uk/contact/disclosure/
• Digital Fire — http://digitalfire.com/services/contact.php
• Dropbox — https://www.dropbox.com/special_thanks
• Dropcam — https://www.dropcam.com/security
• DuckDuckGo — https://duck.co/feedback/bug/-
• Duo Security — https://www.duosecurity.com/security
• Ecstasy Data — http://www.ecstasydata.org/contact.php
• EMC Corporation — http://www.emc.com/contact-us/contact/product-security-response-center.htm
• File Pigeon — http://www.filepigeon.com/faq/
• Ford Motor Company (Fleet Department) — http://www.fleet.ford.com/contact-us/
• Form Assembly — http://www3.formassembly.com/blog/formassembly-vulnerability-and-security-reporting/
• FoxyCart — http://www.foxycart.com/security-contact/
• Freelancer — https://www.freelancer.com/u/evanricafort.html
• Friendster — http://www.friendster.com/contact_us
• Game Institute — https://www.gameinstitute.com/contact.php
• Gapminder — http://www.gapminder.org/about-gapminder/contact/
• Geonode — https://github.com/GeoNode/geonode/commit/f48b14e26894c21006c165beb62a9a13265dba0e
• GF Overflow — http://www.gfoverflow.com/contact.php
• GitLab — https://about.gitlab.com/vulnerability-acknowledgements/ (2014)
• Gizmo Host — http://www.gizmohost.com/contact
• Gizmo Quip — http://gizmoquip.com/#contact
• Gli.PH — https://gli.ph/security.html
• Google — http://www.google.com/about/appsecurity/hall-of-fame/reward/ (Quarter 3 - 2014)
• Hackerearth — http://www.hackerearth.com/recruit/faq/
• HackForCause — http://hackforcause.com/hall-of-fame/
• Harvard University — http://about.worldmap.harvard.edu/icb/icb.do?pageid=icb.page481343
• Honeybadger — http://docs.honeybadger.io/article/181-security
• Hotgloo — http://www.hotgloo.com/security/hall-of-fame
• HTC — http://www.htc.com/us/terms/product-security/
• Huawei — http://www.huawei.com/en/security/psirt/report-vulnerabilities/index.htm
• Hubdia — https://hackerone.com/hubdia/thanks
• IBM Corporation — http://www-03.ibm.com/security/secure-engineering/report.html
• iBuildApp — http://ibuildapp.com/about-us/
• Icecoder — https://bugcrowd.com/icecoder/hall-of-fame
• iDevAffiliate — http://www.idevdirect.com/contact.php
• Intel — https://www-ssl.intel.com/content/www/us/en/forms/webmaster-contact-us.html
• Internetwache — https://en.internetwache.org/security/
• Juniper Networks — https://www.juniper.net/us/en/security/report-vulnerability/
• Kayako — https://my.kayako.com/Knowledgebase/Article/View/853/0/security-vulnerability-fix-and-patch-policy
• Khan Academy — https://hackerone.com/khanacademy/thanks
• Lavasoft — http://lavasoft.com/mylavasoft/company/about.php
• Lleida — http://www.lleida.net/en/company/about-us
• LG Developers — http://developer.lge.com/footer/footer/RetrieveContactInfo.dev
• LinkedIn — http://help.linkedin.com/app/safety/answers/detail/a_id/37022
• Logentries — https://logentries.com/doc/security/
• Joomlart — http://www.joomlart.com/joomlart/contact-us
• JotForm — http://www.jotform.com/about/
• Magix AG — http://research.magix.com/(May 2014)
• MailChimp — http://mailchimp.com/about/security-response/
• Mastercoin Foundation — https://bugcrowd.com/mastercoin/hall-of-fame
• MaxCDN — http://www.maxcdn.com/company/security/
• Meldium — https://www.meldium.com/security
• Metrodeal — http://www.metrodeal.com/about-us
• Microsoft — http://technet.microsoft.com/en-us/security/cc308575#0114 (January 2014)
• Moment.Me — http://www.moment.me/
• Motorola — http://www.motorolasolutions.com/US-EN/About/Security%20Vulnerability
• Movember — https://bugcrowd.com/movember/hall-of-fame
• My News Desk — http://www.mynewsdesk.com/about
• National Cyber Security Center (Netherlands) — https://www.ncsc.nl/security
• Nitrous I/O — http://help.nitrous.io/admin-security-response/ (2014)
• Oculus VR — https://www.oculusvr.com/bug-submission/
• OpenDrive — https://www.opendrive.com/security
• OpenText — http://www.opentext.com/Who-We-Are/Copyright-Information/Security-Acknowledgements
• Pagerduty — http://www.pagerduty.com/security/disclosure/
• PayPal — https://www.paypal.com/webapps/mpp/security-tools/wall-of-fame-honorable-mention (Quarter 2 of 2014)
• Perfectcloud — https://www.perfectcloud.io/about.html
• PhpNuke — https://downloads.phpnuke.org/en/email/contact_us.htm
• Pwnie Express — https://www.pwnieexpress.com/contact-us/
• Rackspace — http://www.rackspace.com/information/legal/rsdp
• Rainedout — http://www.rainedout.com/contact
• Rapid7 — https://www.rapid7.com/disclosure.jsp
• Rebelmouse — https://about.rebelmouse.com/company
• RelateIQ — https://hackerone.com/relateiq/thanks
• Ribose — https://www.ribose.com/security/hall_of_fame
• Rietta — http://rietta.com/contact/security/
• Risk I/O — https://www.risk.io/security
• Samsung — https://samsungtvbounty.com/HallOfFame.aspx
• Search on Zippy — http://www.searchonzippy.com/contact
• Sellfy — https://sellfy.com/security/
• Shaukk — http://shaukk.com/developers.php
• Site Liner — http://www.siteliner.com/contact
• Slack — https://hackerone.com/slack/thanks
• SmartQ — http://www.getsmartq.com/support.php
• Sony — https://secure.sony.net/hallofthanks
• Sourceforge Japan — http://sourceforge.jp/docs/SourceForge.JP%E3%81%AE%E9%80%A3%E7%B5%A1%E5%85%88
• SoundCloud — http://help.soundcloud.com/customer/portal/articles/439715-responsible-disclosure
• Splitwise — http://blog.splitwise.com/about/responsible-disclosure-special-thanks/
• StarHub — http://www.starhub.com/personal/support/contact-us.html
• Survey Gizmo — http://surveygizmo.helpgizmo.com/help/contact-us
• Sprout Social — http://sproutsocial.com/responsible-disclosure-policy
• Steam — https://support.steampowered.com/index.php
• StoptheHacker — https://hackerone.com/stopthehacker/thanks
• Student CRM - Data Harvesting U.K — http://www.student-crm.co.uk/about/security/
• Swipe Identity — https://bugcrowd.com/c030/hall-of-fame
• Tagged — http://safety.tagged.com/security/
• Thumbr — http://www.thumbr.io/tos
• Tresorit — https://tresorit.com/hacking-challenge
• Tumblr — http://www.tumblr.com/security
• Twitch TV — http://www.twitch.tv/p/security
• Twilio — https://bugcrowd.com/twilio/hall-of-fame
• Twitter — https://about.twitter.com/company/security (2013 and 2014)
• Typo3 — http://typo3.org/teams/security/
• Uber — https://www.uber.com/security
• United States Naval Academy — http://www.usna.edu/About/
• UK Secure Web Hosting — http://www.uksecurewebhosting.co.uk/contact.php
• US Unlocked — https://www.usunlocked.com/contact_us.php
• Valve Software — http://www.valvesoftware.com/security/
• Via Forensics — https://viaforensics.com/company/contact/
• Visa Incorporation — http://www.visa.com/globalgateway/
• Vox Analytics — https://www.voxanalytics.com/contact
• WePay — https://hackerone.com/wepay/thanks
• Wizehive — https://www.wizehive.com/security/
• Wordpress — http://codex.wordpress.org/Security_FAQ
• World Vision Philippines — http://worldvision.org.ph/contact-us
• WPEngine — http://wpengine.com/contact/
• Yahoo! — https://hackerone.com/yahoo/thanks
• Yamaha Club Philippines — https://www.yamahaclub.com.ph/contact/
• Yandex — http://company.yandex.com/security/hall-of-fame.xml (March 2014)
• Yesware — http://www.yesware.com/security/
• Zendesk — http://www.zendesk.com/company/responsible-disclosure-policy
• Zynga — http://company.zynga.com/security/whitehats (2014)

Welcome to Pentester infoSec

.

Wednesday, 15 October 2014