Helping you become a BugBountyHunter


We're on a mission to be your go-to place for everything bug bounties and to help you learn how to get started.
Learn how to test for security vulnerabilities on web applications with our various real-life web applications and begin to gain the confidence needed to apply your newly found knowledge on bug bounty programs. Browse and digest security researcher tutorials, guides, writeups and find information related to public bug bounty programs.


Learning about web application vulnerabilities


New or experienced, learn about various vulnerability types on custom made web application challenges based on real bug bounty findings! Learn about new techniques and bypasses whilst embracing the mindset of a hacker.


You have knowledge on what type of vulnerability you should be looking for but are you able to find it? There are no flags to find and instead you're learning about he various mistakes developers make when developing and how vulnerabilities arise from this.

The stage is yours, take it and have some fun!

Browse free challenges

For newcomers

Checking if a whitelisted string is found is a bad approach

Browse challenge

🔥 Level up

Check out these HackerPhotos! Nothings wrong here.

Browse challenge

🔥 Level up

There's a leak somewhere!

Browse challenge

For newcomers

Only relative redirects are allowed!

Browse challenge

Extended learning

ZSeano's Playground


FastFoodHackings is a demo web application designed to test your approach to discovering vulnerabilities. You've learnt about various vulnerability types from our other challenges, but now can you go and find them without knowing where they are?


With over 25 unique findings to discover but no knowledge on what to find, it's up to you to learn the hacker mindset and discover all of the vulnerabilities! Learn how the web application works and explore the various features available and begin your hunt!

Please note there is no triage available for this demo.

Visit playground

Public program activity


Browse information related to public program activity such as the amount of reports received in ~90 days (updated daily), hackers thanked and if allowed, disclosed reports.

Disclosed report rewards

Starbucks paid a bounty
Trustpilot paid a bounty
Snapchat paid a bounty
Tor paid a bounty
Traffic Fac... paid a bounty
Stripe paid a bounty
Tube8 paid a bounty
Uber paid a bounty
SKALE Network paid a bounty
Tinder paid a bounty
Spotify paid a bounty
Status.im paid a bounty
Slack paid a bounty
Smartsheet paid a bounty
Zomato paid a bounty

Recently launched

JetBlue launched a public program
Radancy launched a public program
OpenSea launched a public program
InMobi launched a public program
Tennessee V... launched a public program
Krisp launched a public program
Wickr launched a public program
Vend by Lig... launched a public program
Agoric launched a public program
SEGA launched a public program
Horizen launched a public program
Auvik launched a public program
Clubhouse launched a public program
M&T Bank launched a public program
Snowplow launched a public program

Quiet programs

Gener8 received 0 reports in last 90 days
Ed received 0 reports in last 90 days
JamieWeb received 0 reports in last 90 days
Aspen received 0 reports in last 90 days
Workly... received 0 reports in last 90 days
Python... received 0 reports in last 90 days
JNJ Mo... received 0 reports in last 90 days
FINRA ... received 0 reports in last 90 days
Ramp VDP received 0 reports in last 90 days
MobiSy... received 0 reports in last 90 days
Doppler received 0 reports in last 90 days
Gmelius received 0 reports in last 90 days
RATELI... received 0 reports in last 90 days
Revive... received 0 reports in last 90 days
Versio... received 0 reports in last 90 days

Browse more programs from HackerOne

Our Community

Contributed by members View our members