Helping you become a BugBountyHunter

We're on a mission to be your go-to place for everything bug bounties and to help you learn how to get started.
Learn how to test for security vulnerabilities on web applications with our various real-life web applications and begin to gain the confidence needed to apply your newly found knowledge on bug bounty programs. Browse and digest security researcher tutorials, guides, writeups and find information related to public bug bounty programs.

Learning about web application vulnerabilities

New or experienced, learn about various vulnerability types on custom made web application challenges based on real bug bounty findings! Learn about new techniques and bypasses whilst embracing the mindset of a hacker.

You have knowledge on what type of vulnerability you should be looking for but are you able to find it? There are no flags to find and instead you're learning about he various mistakes developers make when developing and how vulnerabilities arise from this.

The stage is yours, take it and have some fun!

Browse free challenges

🔥 Level up

Check out these HackerPhotos! Nothings wrong here.

Browse challenge

🔥 Level up

There's cross site request forgery (CSRF) protection, but how good is it?

Browse challenge

For newcomers

Can you obtain the sensitive information somehow?

Browse challenge

For newcomers

Change the class of our image and pick your favourite!

Browse challenge

Extended learning

ZSeano's Playground

FastFoodHackings is a demo web application designed to test your approach to discovering vulnerabilities. You've learnt about various vulnerability types from our other challenges, but now can you go and find them without knowing where they are?

With over 25 unique findings to discover but no knowledge on what to find, it's up to you to learn the hacker mindset and discover all of the vulnerabilities! Learn how the web application works and explore the various features available and begin your hunt!

Please note there is no triage available for this demo.

Visit playground

Public program activity

Browse information related to public program activity such as the amount of reports received in ~90 days (updated daily), hackers thanked and if allowed, disclosed reports.

Disclosed report rewards

Starbucks paid a bounty
Trustpilot paid a bounty
Snapchat paid a bounty
Tor paid a bounty
Traffic Fac... paid a bounty
Stripe paid a bounty
Tube8 paid a bounty
Uber paid a bounty
SKALE Network paid a bounty
Tinder paid a bounty
Spotify paid a bounty paid a bounty
Slack paid a bounty
Smartsheet paid a bounty
Zomato paid a bounty

Recently launched

JetBlue launched a public program
Radancy launched a public program
OpenSea launched a public program
InMobi launched a public program
Tennessee V... launched a public program
Krisp launched a public program
Wickr launched a public program
Vend by Lig... launched a public program
Agoric launched a public program
SEGA launched a public program
Horizen launched a public program
Auvik launched a public program
Clubhouse launched a public program
M&T Bank launched a public program
Snowplow launched a public program

Quiet programs

Nokogiri received 0 reports in last 90 days
Workly... received 0 reports in last 90 days
Insule... received 0 reports in last 90 days
Weblate received 0 reports in last 90 days
JamieWeb received 0 reports in last 90 days
WakaTime received 0 reports in last 90 days
Sweatc... received 0 reports in last 90 days
Aspen received 0 reports in last 90 days
FINRA ... received 0 reports in last 90 days
Python... received 0 reports in last 90 days
Gener8 received 0 reports in last 90 days
JNJ Mo... received 0 reports in last 90 days
RATELI... received 0 reports in last 90 days
CERT/CC received 0 reports in last 90 days
Starli... received 0 reports in last 90 days

Browse more programs from HackerOne

Our Community

Contributed by members View our members