LIVE BUG BOUNTY by YES WE HACK

Following the success of 2019 edition, the FIC and YesWeHack are once again organizing a LIVE BUG BOUNTY! With a 2020 theme around the human being at the heart of cybersecurity, the presence of YesWeHack, which mobilizes collective intelligence to address the growing shortage of cybersecurity skills, is particularly relevant.

YesWeHack is Bug Bounty's #1 European platform, connecting over 10,000 ethical hackers around the world and organizations of all sizes and industries to search for vulnerabilities (bugs) in their websites, mobile apps, infrastructure and objects connected, and secure their exposed perimeters.

For two days, several companies and Civitech will put their perimeters to the test of hunters who will be rewarded with bonuses calculated according to the severity of the faults found. Companies and Civitech wishing to open a Bug Bounty program on the FIC are expected to come forward before 17 January 2020 (write to us here). For hunters, all you have to do is register on the YesWeHack platform and come to the FIC on the Bug Bounty space.

How to participate ?

1. You must be registered to FIC. 

2. Each hunter will be required to have an account on the Bug Bounty platform YesWeHack to validate the rules before chasing bugs and accessing the different programs.

3. Each hunter will be required to have an account on the Bug Bounty platform YesWeHack (https://yeswehack.com) to validate the rules before chasing bugs and accessing the different programs
Code of conduct
  • No Denial of Service attacks, no Brute-Force, social engineering attacks or physical attacks and no spam!
  • No public disclosure of Bug.
  • We reserve the right to cancel programs at any time and the decision to pay a reward is at the sole discretion of the program managers.
  • You must not break the law and stay within the set perimeter.
  • You must not disrupt the service or corrupt personal data.
  • Any failure to comply with the rules will result in the submission being invalid or even excluded from Bug Bounty’s program.
 
Framework
  • Each hunter will be required to have an account on the Bug Bounty YesWeHack platform in order to validate the rules before hunting bugs and accessing the various programs.
  • Each Hunter of the FIC 2019 bounty bug will be subject to the conditions of use of the YesWeHack bug bounty platform (https://yeswehack.com) via his/her registration.
  • No employee(s) (current or past) in the program’s perimeters may claim to be eligible for a reward.
  • Comply with the rules of each program described on https://yeswehack.com
  • Be the first to report a vulnerability. Submission of a bug that could compromise the integrity of user data, bypass user data privacy protection or allow access to a system within the infrastructure, such as: authentication bypass, XSS/SQL/XML injections, CSRF, SSRF, remote arbitrary code execution. Qualifying vulnerabilities for a bonus will be indicated in the details of each program.
  • Only an exploitation from one of the IP addresses assigned to the 2019 FIC will be considered valid.
Bug submission Rules
  • Exclusive use of the Bug Bounty platform https://yeswehack.com (Pseudo/hash check – Submission Timestamp)
  • Provide enough information to analyze the attack path as well as to be able to easily replay it, which will facilitate the validations of the submissions, which will have an impact on the amount of the reward.
  • The validity of each submission and the amount of the fees will be decided by the program managers present on site.