The Times Australia
News From Asia

.
The Times Real Estate

.

Lazada and YesWeHack Strengthen Long-term Partnership by jointly hosting a live Bug Bounty event at HITBSecCONF2022 Singapore

Since launching their first private bug bounty program in 2020, the initiative has expanded into a two-day live hacking event focused on protecting Lazada’s consumer data

SINGAPORE - Media OutReach - 8 September 2022 - Southeast Asia's leading eCommerce platform Lazada has concluded its latest live bug bounty with YesWeHack, a leading global Bug Bounty and Vulnerability Disclosure Policy (VDP) Platform.

The two-day live bug bounty program, which was held at the Hack In The Box Security Conference (HITBSecCONF 2022), resulted in 115 vulnerability reports being submitted by the several dozen researchers present at the event, including some of the best security researchers in the world.

After running a successful two-year Bug Bounty program with YesWeHack, Lazada scaled the program to the next level this year during the HITBSecCONF 2022. The event allowed Lazada to test their applications over the given period of time, while being able to meet with researchers to exchange on the discoveries—thus giving Lazada deep and exclusive insights to the vulnerabilities found.

Lazada wanted to use this live event as an opportunity to achieve in-depth security. To enable this, the company voluntarily disabled a number of security mechanisms for participating researchers and only for the period of the event, allowing them to extensively test the systems and applications. For instance, researchers were able to bypass Web Application Firewalls (WAF) throughout the length of the event—allowing them to hack into the eCommerce platform's sites and services directly. Lazada had chosen to disable WAFs for the hunters, due to the fact that while they are able to block most of the attack, they are not infallible. In addition to WAFs, Lazada also disabled other security solutions that are typically used as a first line of defense, so as to offer hackers the chance to test their application in greater depth.

"Accomplishing a live program on this scale demonstrates Lazada's commitment to security and progressive stance towards bug bounties. By engaging with the broader community, the eCommerce giant is placing an unprecedented level of trust in ethical hackers to better strengthen their security, transparency, as well as data privacy and protection. We are delighted to be able to contribute to yet another successful collaboration with Lazada," said Kevin Gallerin, CEO APAC, YesWeHack.

"Securing customer's data and protecting it from any future incidences is of highest importance at Lazada. Having some of the best security researchers in the world in the same room as us is an exceptional opportunity to learn and exchange—especially for our red team, who mounts deliberate attacks on our systems daily to identify and fix vulnerabilities," said Bruno Demarche, who leads the Red Team & Security Testing Team at Lazada Group.

"The live bug bounty program was a rewarding experience for Lazada and YesWeHack alike. The teams have been able to uncover quality results, which has already given us ideas on how we can improve our internal testing processes for our application and services to ultimately better safeguard Lazada's customers and partners," said Yuezhong Bao, Head of Cybersecurity, Lazada Group.

Lazada's partnership with YesWeHack began in January 2020 with a successful 18-month private bug bounty program. The partners then continued to expand the scopes of their collaboration, and Lazada opened its program to the public in 2021, with rewards of up to US$10,000 per bounty. Since then, the company has been working with over 45,000 ethical hackers to detect flaws within their application and systems to achieve maximum security and protection over their platforms.

The collaboration with Lazada has also allowed YesWeHack to further advance its community of cybersecurity experts and position the company as the leading player of bug bounties in Asia Pacific. Since 2019, YesWeHack has served more than 60 clients from its Asia Pacific headquarters in Singapore, including large BFSIs, tech unicorns and government bodies. With a growing market demand being seen for the crowdsourced security model, 40 percent of YesWeHack's security researchers are based out of Asia, with 30 percent of its clientele coming from Australia, China, Indonesia, Malaysia, and Singapore.


Hashtag: #YesWeHack

About Lazada

Lazada Group is Southeast Asia's pioneer eCommerce platform. For the last 10 years, Lazada has been accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. Today, a thriving local ecosystem links about 160 million active users to more than one million actively-selling sellers every month, who are transacting safely and securely via trusted payments channels and Lazada Wallet, receiving parcels through a homegrown logistics network that has become the largest in the region.

With a vision to achieve USD100 billion annual GMV, Lazada aims to serve 300 million shoppers by 2030, and be the best at enabling brands and sellers in digitalizing their businesses.

In 2022, the Lazada Foundation was set up to empower youths and women for the digital future, close the gender digital divide and uplifting communities by creating positive impact. More information can be found here .

About YesWeHack

Founded in 2015, YesWeHack is a global Bug Bounty and VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting more than 40,000 cybersecurity experts (ethical hackers) across 170 countries with organisations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices.

YesWeHack runs private (invitation based only) programs and public programs for hundreds of organisations worldwide in compliance with the strictest European regulations.

In addition to the Bug Bounty platform, YesWeHack also offers: a creation and management solution for Vulnerability Disclosure Policy (VDP), a Pentest Management Platform, a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.


The Times Features

The Benefits of Animal-Assisted Speech Therapy For Children

Speech therapy has long been a standard for supporting children’s communication and emotional development. But what happens when you introduce a furry friend into the process? Th...

The Hidden Dangers of Blocked Drains and the Ultimate Solution for a Hassle-Free Home

Drain blockages are a big hassle to every homeowner and business owner alike. Whether it is a sink in the kitchen or bathroom, a clogged toilet, or a foul smell circulating aroun...

Understanding the Dangers of Ignoring a Gas Leak

Gas leaks are silent threats lurking within both homes and workplaces. A gas leak occurs when natural gas or any other gaseous substance escapes from a pipeline or containment. T...

Can You Sell Your House Privately in Queensland? Here’s How

Selling a house privately in Queensland is entirely possible and can be a cost-effective alternative to using a real estate agent. While agents provide valuable expertise, their co...

Itinerary to Maximize Your Two-Week Adventure in Vietnam and Cambodia

Two weeks may not seem like much, but it’s just the right time for travelers to explore the best of Vietnam and Cambodia. From the bustling streets of Hanoi to the magnificent te...

How to Protect Your Garden Trees from Wind Damage in Australia

In Australia's expansive landscape, garden trees hold noteworthy significance. They not only enhance the aesthetic appeal of our homes but also play an integral role in the local...

Times Magazine

CWU Assistive Tech Hub is Changing Lives: Win a Free Rollator Walker This Easter!

🌟 Mobility. Independence. Community. All in One. This Easter, the CWU Assistive Tech Hub is pleased to support the Banyule community by giving away a rollator walker. The giveaway will take place during the Macleod Village Easter Egg Hunt & Ma...

"Eternal Nurture" by Cara Barilla: A Timeless Collection of Wisdom and Healing

Renowned Sydney-born author and educator Cara Barilla has released her latest book, Eternal Nurture, a profound collection of inspirational quotes designed to support mindfulness, emotional healing, and personal growth. With a deep commitment to ...

How AI-Driven SEO Enhancements Can Improve Headless CMS Content Visibility

Whereas SEO (search engine optimization) is critical in the digital landscape for making connections to content, much of it is still done manually keyword research, metatags, final tweaks at publication requiring a human element that takes extensiv...

Crypto Expert John Fenga Reveals How Blockchain is Revolutionising Charity

One of the most persistent challenges in the charity sector is trust. Donors often wonder whether their contributions are being used effectively or if overhead costs consume a significant portion. Traditional fundraising methods can be opaque, with...

Navigating Parenting Arrangements in Australia: A Legal Guide for Parents

Understanding Parenting Arrangements in Australia. Child custody disputes are often one of the most emotionally charged aspects of separation or divorce. Parents naturally want what is best for their children, but the legal process of determining ...

Blocky Adventures: A Minecraft Movie Celebration for Your Wrist

The Minecraft movie is almost here—and it’s time to get excited! With the film set to hit theaters on April 4, 2025, fans have a brand-new reason to celebrate. To honor the upcoming blockbuster, watchfaces.co has released a special Minecraft-inspir...

LayBy Shopping