I have worked with lots of companies as security consultant through bug bounties either I asked them if they need my service or they approached. I’m a big fan of Paul’s essay, Hacker News, Startup School and YC as a whole, so thought to document my contribution to YC(nothing technical, just a list).
I have worked with these companies in their early stage to resolve security issues with their websites:
- Xobni (S06) : Acquired by Yahoo later. Found account take over CSRF in setting page. Got Yahoo swags.
- Dropbox (S07): Multiple bugs in the mailbox and other acquisitions. Got listed on Special Thanks page, swags and 100GB.
- Disqus (S07): Got stickers and swags.(Can’t find the mail, don’t remember the issues)
- WePay (S09): Participated in their bug bounty program on Hackerone.
- Olark (S09):
- PagerDuty(S10): Multiple issues,Multiple swags
- Hipmunk(S10): Just realized, I was discussing stuff with Steve Huffman 🙂
- DR Chrono(W11): Worked with CEO directly and got handsomely rewarded for my work.
- Parse(S11): Yes, Parse CEO said this
- Instacart(S12): Through private bug bounty
- Easel.io(S12): Acquired by Github, reported multiple issues. Special Thanks page on Github.
- Coinbase(S12): Through public bug bounty on Hackerone.
- Zenefits(W13): Through private Bug bounty.
- Heap Analytics(W13):
- Algolia(W14): still have lots of Algolia stickers 🙂
- Gitlab(W15): Listed on Acknowledgement page.
- Hacker News: Yup, Y Combinator itself. You can find me on their thanks page.
Look like that’s it for now.
so 25, not bad! BTW I am no ninja hacker, most of the stuff are the same task just another website. I have been a jerk professionally (in responding emails), sometimes I didn’t know the tech celebrity I’m talking with, for e.g Steve Huffman, IIya sukar.
I can help with basic web application testing but crowdsourcing your security is the best way to stay updated.
Any questions, suggestions or want to hire me? I’m at email@example.com
Edit: This list has grown up to 120+, I’m not maintaining this list anymore!