/ Orange supports App2Own Bug Bounty Contest in order to test and improve the accuracy of their web security solutions developed to protect the Internet connection for companies. Orange is the only telecommunication operator from Romania that encourage vulnerability identification and responsible disclosure.
/ First step is to register and confirm your account.
/ Afterwards, you will receive the list of details regarding your target and you know for a fact that some vulnerabilities are hidden behind strong security mechanisms.
/ Your purpose is to bypass the security measures in order to discover as many methods to exploit those vulnerabilities and reach your target.
/ If you found the way to bypass some of the security measures it's time to use the report form and fill in all the steps you did in order to exploit the vulnerability and bypass the security measures
/ The contest moderator will receive and analyze your report and if everything is correct, you will be on the winners list.
/ Make sure you find as many vulnerabilities as you can, this way you will receive more points and you will grow the chances of winning.
/ Contest Stages:
- Oct 31st – Nov 6th: online contest, with most security features activated
- Nov 7th – Nov 9th: online contest, with some security features deactivated
- Nov 10th, from 9:00 – to Nov 10th, 19:00: on site contest, with most security features activated
- Nov 11th, from 9:00 – to Nov 11th, 16:00: on site contest, with some security features deactivated
rules of engagement
/ The goal of the competition is to bypass web security measures the target has in place and exploit public known vulnerabilities.
/ By reporting the findings, you will get points and improve your chance of winning and the security vendor will improve their security capabilities for their clients.
/ You will receive points based on the vulnerability risk you managed to exploit through bypassing the security mechanisms. Innovative methods will get you extra points.
/ All the assets you have permission to attack will be featured on the Dashboard Page.
/ Play fair, cheating or destroying challenges is not allowed
/ (D)DOS is not accepted
/ You can play only as an individual
/ If two individuals report the same or similar methods to bypass a security mechanism, only the first one will get points
/ Trying to ignore the rules above will get you banned.
/ Vector Meridian Smart Watch (Meridian Black Brownleather Regular)
/ Vector Meridian Smart Watch
/ Vector Luna Smart Watch
/+ prizes from Fortinet
/ First 5 winners of the online competition will get free tickets to DefCamp 2016 conference
/ Everyone will get community recognition, the award ceremony will happen during DefCamp 2016