In recent years, bug hunting has proven its prominence and popularity among students looking to find jobs and internships at an early age. The short, time-saving courses and no graduation based eligibility criteria make it more accessible and achievable. India, having a large base of white hackers, has proved its stronghold in the technology arena and has made hacking a sought-after avocation. According to a report, bug bounty hunting as a profession has emerged as 16 times more lucrative than a job as a software engineer. An article posted by Facebook on completing five years of its bug bounty program in 2016 listed the top three countries based on the number of payouts of the program, wherein India emerged as the undefeated champion.
Here Is A List Of Indian Bug Bounty Programs that you should try:
OLA Bug Bounty Program
OLA is an Indian origin cab services company with an efficient yet pocket-friendly cab service as well as an exceptionally fulfilling bug bounty hunting program. This program was launched to encourage cybersecurity aficionados to look for security vulnerabilities in the company’s software. On authentic and successful reporting of a bug, appropriate monetary remunerations are given based on the severity and complexity of the bug.
The program encompasses both core and other domains:
I Want To Become Good Better Best In Life
Core OLA: *.olacabs.com and *.olamoney.com
Other Domains:
- *.ola.foundation
- *.olaskilling.in
- *.olaelectric.in
- *.mission-electric.in
- *.ola.institute
- Ola Cabs mobile app ( Android | iOS )
- Ola Lite mobile app – A lighter version of Ola Cabs app ( Android )
- Ola Money mobile app ( Android | iOS )
- Ola Operator mobile app ( Android )
- Ola Partner mobile app ( Android | iOS)
Note:
- You have to be the first one to report the bug.
- This program is for individuals and not organisations.
- Do read the terms and conditions of the program at https://whitehat.olacabs.com/?page=reportIssue
McDelivery Bug Bounty Program
By launching a ‘Bug Bounty Program’, McDonald’s India (Hardcastle Restaurants Private Limited) has proffered a great opportunity to independent security groups as well as individual researchers to gain monetary rewards in exchange for their expertise in identifying any potential security bugs and keeping the data out of harm’s way. This includes any security bugs or valid non-security bugs solely for all HRPL owned Web and Mobile Application platforms for McDelivery.
The program is focused on the following domains:
- McDelivery Web Application (www.mcdelivery.co.in);
- McDelivery Mobile Application (Android and iOS)
- McDelivery APIs
- Infrastructure Security
In case a bug is detected, it has to be reported via email at [email protected] and non-disclosure in any public domain has to ensured. Rewards, based on the severity of the issue reported, will be 2,500 Rs in case of valid bugs. The reward will be in the form of coupons, subject to taxes with a limited validity period, would not be transferable or cashable and will only be applicable in McDonald’s India (West and South).
MobiKwik Bug Bounty Program
MobiKwik, India’s biggest independent mobility payments network, launched its very first bug bounty program in 2016. The program seeks to further fortify its cybersecurity efforts in the sphere of digital payments. To quote Bipin Preet Singh-CEO, “MobiKwik provides a secure, seamless, and rewarding payment experience. With the introduction of the bug bounty program, we are now taking a crucial step forward in further strengthening the security of our wallet. We encourage security researchers and bug hunters to reach out to us and make a responsible disclosure when they detect any vulnerabilities.”
The bug bounty program focuses on key security flaws like Cross-Site Scripting (XSS), SQL Injection, Misuse/Unauthorized use of MobiKwik’s APIs, Improper TLS protection and leaking of sensitive customer data (especially anything in the scope of PCI). The bug is supposed to be reported to [email protected], which MobiKwik’s security team will analyze and issue a patch for.
The rewards again will be based on severity, complexity and level of the vulnerability reported. The minimum rewards for reporting a legit bug is Rs 1000. In case of high severity bug reporting, the company listens to the bug hunter on its Wall of Fame.
Yatra’s Bug Bounty Program
Yatra, one of India’s leading online travel portals, has a bug bounty program to offer a more safe and more secure experience to its customers on the platform. Once an exploitable bug is found, it needs to be reporting by filling a form (https://www.yatra.com/online/bug-report-issue), which will be assessed and resolved by yatra’s security team. Monetary reward based on the severity and impact of the reported bug is given.
The program includes the following domains:
- Yatra’s official website (www.yatra.com)
- Our mobile sites (Android & iOS)
- Our mobile apps (Android & iOS)
– Aishwarya Ojha
