Cybersecurity is evolving.Are you?

Amnesty is really satisfied with the researcher's work during Yogosha's live hacking event. This event enabled us to disclose important vulnerabilities, which weren't detected by our traditional security tests. We've fixed our vulnerabilities right after the event, and we've reinforced the security of our website and infrastructures.

Our partnership with Yogosha relies on multiple criterias: complementarity and effectiveness, as well as thoughtful recommendations. Yogosha is providing us with extremely detailed reports, which allow our internal teams to fix vulnerabilities. This collaboration with Yogosha is essential to raise Cdiscount's security requirements.

Bug bounty’s flexibility and fast activation helps us to save a lot of time to secure our digital activities : programs are launched in 1 or 2 days, when pentesting can take up to 4 weeks of planification delay. At Thales Digital Factory, we chose quality and hackers skills rather than quantity, and Yogosha perfectly fits into our Red Team process. The platform is a central security tool to ensure the external security level of our solutions. We will keep using traditional pentesting for ad-hoc missions and to challenge Bug Bounty results.

We consider that the Bug Bounty is mandatory for any company that wants to maintain a good security level. You need to be in a reactive and proactive security, especially when you're a SaaS solution with fast evolving code. Jenji does about 30 releases per month, regressions and differences from one API to another are possible. This is why we chose to do Bug Bounty with Yogosha : we wanted to benefit from the offensive mindset, and to understand how to exploit the system from outside.