XSS is Most Rewarding Bug Bounty as CSRF is Revived

June 12, 2019 / Dan Raywood

Cross-site scripting (XSS) is the most rewarding security vulnerability, according to data on the number of bug bounties paid.

According to HackerOne’s top 10 most impactful security vulnerabilities, which have earned hackers over $54m in bounties and which is based on over 1400 HackerOne customer programs and 120,000 reported vulnerabilities, XSS is the most paid-out vulnerability, followed by “improper authentication – generic” and “information disclosure.”

In comparison, the current OWASP Top Ten, which was last refreshed in 2017, placed XSS only seventh, while SQL Injection, which held the top position in the OWASP Top 10, appeared in fifth place in HackerOne’s list.

Speaking to Infosecurity, Rahim Jina, COO of edgescan, said that from their stats XSS accounts for nearly 15% of application layer vulnerabilities found, showing a slight increase year on year. “This is a vulnerability we nearly expect to find whe...