Whitehat Penetration Testing | Bitcointalksearch.org

crazy_rabbit

legendary

Activity: 1204

Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME

Quote from: randy-waterhouse on August 18, 2012, 11:40:41 PM

Easy. Just put a sufficiently valuable bitcoin private key associated with a bounty somewhere relevant on your system and say "come get it".

NB: Make it a multi-sig (keep one key to yourself) to make sure you get some info about the vulnerabilities in case the penetrators just want to abscond with the loot.

of course, now they will assume it's a multi-sig key. :-)

But really, this idea is solid- but how do we get someone involved? I think at the start we might have to turn to the community and later on start to think about dedicated professionals in this field. I don't think many firms are interested in turning their attention away from banks and corporations to work on someone's bitcoin website project. :-)

randy-waterhouse

newbie

Activity: 41

Merit: 0

Easy. Just put a sufficiently valuable bitcoin private key associated with a bounty somewhere relevant on your system and say "come get it".

NB: Make it a multi-sig (keep one key to yourself) to make sure you get some info about the vulnerabilities in case the penetrators just want to abscond with the loot.

Ferroh

member

Activity: 111

Merit: 100

I love this idea.

Hopefully sufficient incentives can be provided for capable penetration testers to conduct such a service.

crazy_rabbit

legendary

Activity: 1204

Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME

Quote from: paraipan on August 17, 2012, 04:15:45 PM

Quote from: Elwar on August 17, 2012, 03:57:37 PM

There are already services out there for this. The company I work for just had a team come in and do this, providing a decent report of vulnerabilities.

Rather than look into the Bitcoin community for this, look into experts who do this for a living every day.

Any of them accepting bitcoins?

+1

kiba

legendary

Activity: 980

Merit: 1014

Every member should pay a fee that will be used to raise the bounty price.

For example, gold members pay 20 BTC a month, silver members 5 BTC a month, and bronze members only 1 BTC a month.

If there are 20 members that are gold, that mean 400 BTC are contributed each month to the bounty coffer.

paraipan

legendary

Activity: 924

Merit: 1004

Firstbits: 1pirata

Quote from: Elwar on August 17, 2012, 03:57:37 PM

There are already services out there for this. The company I work for just had a team come in and do this, providing a decent report of vulnerabilities.

Rather than look into the Bitcoin community for this, look into experts who do this for a living every day.

Any of them accepting bitcoins?

Elwar

legendary

Activity: 3598

Merit: 2386

Viva Ut Vivas

There are already services out there for this. The company I work for just had a team come in and do this, providing a decent report of vulnerabilities.

Rather than look into the Bitcoin community for this, look into experts who do this for a living every day.

Indemnified

full member

Activity: 216

Merit: 100

This would be a very valuable service, and given the choice of competing web services I would invest in the one that had a Whitehat Penetration Certification. I would pay a reasonable bounty to a Whitehat company to obtain a report on a given web service that I was considering using (the cost would of course have to be spread over a large number of customers because I certainly couldn't afford to individually pay for penetration test of every web service I was considering using.

paraipan

legendary

Activity: 924

Merit: 1004

Firstbits: 1pirata

Agree, how we could achieve doing it safely? Maybe joining a "White Hat Union" or something similar?
They could give their seal of approval to bitcoin websites, dunno just thinking out loud here

crazy_rabbit

legendary

Activity: 1204

Merit: 1002

RUM AND CARROTS: A PIRATE LIFE FOR ME

In light of the number of web services that are starting up and the questionable level of security that they offer, perhaps it would be useful to have some sort of "Whitehat penetration testing" service or bounty. Perhaps sites could submit themselves to being tested by the community (and offering some sort of bounty?) and if the community isn't able to penetrate the site- a sort of 'symbol' or 'seal' could be awarded showing that the site survived penetration testing up till a certain date.

Eventually people will want to know the site they are dealing with is safe, and the endless 'hacks' look bad for us in general.

Topic: Whitehat Penetration Testing (Read 1462 times)