The Times Australia
News From Asia

.
The Times Real Estate

.

Lazada and YesWeHack Strengthen Long-term Partnership by jointly hosting a live Bug Bounty event at HITBSecCONF2022 Singapore

Since launching their first private bug bounty program in 2020, the initiative has expanded into a two-day live hacking event focused on protecting Lazada’s consumer data

SINGAPORE - Media OutReach - 8 September 2022 - Southeast Asia's leading eCommerce platform Lazada has concluded its latest live bug bounty with YesWeHack, a leading global Bug Bounty and Vulnerability Disclosure Policy (VDP) Platform.

The two-day live bug bounty program, which was held at the Hack In The Box Security Conference (HITBSecCONF 2022), resulted in 115 vulnerability reports being submitted by the several dozen researchers present at the event, including some of the best security researchers in the world.

After running a successful two-year Bug Bounty program with YesWeHack, Lazada scaled the program to the next level this year during the HITBSecCONF 2022. The event allowed Lazada to test their applications over the given period of time, while being able to meet with researchers to exchange on the discoveries—thus giving Lazada deep and exclusive insights to the vulnerabilities found.

Lazada wanted to use this live event as an opportunity to achieve in-depth security. To enable this, the company voluntarily disabled a number of security mechanisms for participating researchers and only for the period of the event, allowing them to extensively test the systems and applications. For instance, researchers were able to bypass Web Application Firewalls (WAF) throughout the length of the event—allowing them to hack into the eCommerce platform's sites and services directly. Lazada had chosen to disable WAFs for the hunters, due to the fact that while they are able to block most of the attack, they are not infallible. In addition to WAFs, Lazada also disabled other security solutions that are typically used as a first line of defense, so as to offer hackers the chance to test their application in greater depth.

"Accomplishing a live program on this scale demonstrates Lazada's commitment to security and progressive stance towards bug bounties. By engaging with the broader community, the eCommerce giant is placing an unprecedented level of trust in ethical hackers to better strengthen their security, transparency, as well as data privacy and protection. We are delighted to be able to contribute to yet another successful collaboration with Lazada," said Kevin Gallerin, CEO APAC, YesWeHack.

"Securing customer's data and protecting it from any future incidences is of highest importance at Lazada. Having some of the best security researchers in the world in the same room as us is an exceptional opportunity to learn and exchange—especially for our red team, who mounts deliberate attacks on our systems daily to identify and fix vulnerabilities," said Bruno Demarche, who leads the Red Team & Security Testing Team at Lazada Group.

"The live bug bounty program was a rewarding experience for Lazada and YesWeHack alike. The teams have been able to uncover quality results, which has already given us ideas on how we can improve our internal testing processes for our application and services to ultimately better safeguard Lazada's customers and partners," said Yuezhong Bao, Head of Cybersecurity, Lazada Group.

Lazada's partnership with YesWeHack began in January 2020 with a successful 18-month private bug bounty program. The partners then continued to expand the scopes of their collaboration, and Lazada opened its program to the public in 2021, with rewards of up to US$10,000 per bounty. Since then, the company has been working with over 45,000 ethical hackers to detect flaws within their application and systems to achieve maximum security and protection over their platforms.

The collaboration with Lazada has also allowed YesWeHack to further advance its community of cybersecurity experts and position the company as the leading player of bug bounties in Asia Pacific. Since 2019, YesWeHack has served more than 60 clients from its Asia Pacific headquarters in Singapore, including large BFSIs, tech unicorns and government bodies. With a growing market demand being seen for the crowdsourced security model, 40 percent of YesWeHack's security researchers are based out of Asia, with 30 percent of its clientele coming from Australia, China, Indonesia, Malaysia, and Singapore.


Hashtag: #YesWeHack

About Lazada

Lazada Group is Southeast Asia's pioneer eCommerce platform. For the last 10 years, Lazada has been accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. Today, a thriving local ecosystem links about 160 million active users to more than one million actively-selling sellers every month, who are transacting safely and securely via trusted payments channels and Lazada Wallet, receiving parcels through a homegrown logistics network that has become the largest in the region.

With a vision to achieve USD100 billion annual GMV, Lazada aims to serve 300 million shoppers by 2030, and be the best at enabling brands and sellers in digitalizing their businesses.

In 2022, the Lazada Foundation was set up to empower youths and women for the digital future, close the gender digital divide and uplifting communities by creating positive impact. More information can be found here .

About YesWeHack

Founded in 2015, YesWeHack is a global Bug Bounty and VDP Platform. YesWeHack offers companies an innovative approach to cybersecurity with Bug Bounty (pay-per-vulnerability discovered), connecting more than 40,000 cybersecurity experts (ethical hackers) across 170 countries with organisations to secure their exposed scopes and reporting vulnerabilities in their websites, mobile apps, infrastructure and connected devices.

YesWeHack runs private (invitation based only) programs and public programs for hundreds of organisations worldwide in compliance with the strictest European regulations.

In addition to the Bug Bounty platform, YesWeHack also offers: a creation and management solution for Vulnerability Disclosure Policy (VDP), a Pentest Management Platform, a learning platform for ethical hackers called Dojo and a training platform for educational institutions, YesWeHackEDU.


The Times Features

Why Regional Small Businesses in Bendigo Deserve Better Access to Finance in 2025

In the heart of regional Victoria, Bendigo has long stood as a beacon of innovation, resilience and community spirit. As we step further into 2025, the importance of nurturing sm...

Is It Time for a Deep Cleaning? Signs You Shouldn’t Ignore

Most people know they should visit the dentist for a regular check-up and cleaning every six months. But sometimes, a standard cleaning isn’t enough. When plaque and tartar build...

The Hidden Meaning Behind Popular Engagement Ring Cuts

When it comes to engagement rings, the cut of the diamond is not just about aesthetics. Each shape carries its own symbolism and significance, making it an important decision for...

Annual Health Exams in the Office: How They Can Reduce Sick Days and Healthcare Costs

Regular health check-ups, especially annual health exams in the office, can significantly impact the overall well-being of your workforce. A proactive approach to employee health...

Best Deals on Home Furniture Online

Key Highlights Discover the best deals on high-quality outdoor furniture online. Transform your outdoor space into a stylish and comfortable oasis. Explore a wide range of d...

Discover the Best Women's Jumpers for Every Season

Key Highlights Explore lightweight jumpers for spring and summer, ensuring breathability and ease. Wrap up warm with cozy wool jumpers for the chilly autumn and winter season...

Times Magazine

The Essential Guide to Transforming Office Spaces for Maximum Efficiency

Why Office Fitouts MatterA well-designed office can make all the difference in productivity, employee satisfaction, and client impressions. Businesses of all sizes are investing in updated office spaces to create environments that foster collaborat...

The A/B Testing Revolution: How AI Optimized Landing Pages Without Human Input

A/B testing was always integral to the web-based marketing world. Was there a button that converted better? Marketing could pit one against the other and see which option worked better. This was always through human observation, and over time, as d...

Using Countdown Timers in Email: Do They Really Increase Conversions?

In a world that's always on, where marketers are attempting to entice a subscriber and get them to convert on the same screen with one email, the power of urgency is sometimes the essential element needed. One of the most popular ways to create urg...

Types of Software Consultants

In today's technology-driven world, businesses often seek the expertise of software consultants to navigate complex software needs. There are several types of software consultants, including solution architects, project managers, and user experienc...

CWU Assistive Tech Hub is Changing Lives: Win a Free Rollator Walker This Easter!

🌟 Mobility. Independence. Community. All in One. This Easter, the CWU Assistive Tech Hub is pleased to support the Banyule community by giving away a rollator walker. The giveaway will take place during the Macleod Village Easter Egg Hunt & Ma...

"Eternal Nurture" by Cara Barilla: A Timeless Collection of Wisdom and Healing

Renowned Sydney-born author and educator Cara Barilla has released her latest book, Eternal Nurture, a profound collection of inspirational quotes designed to support mindfulness, emotional healing, and personal growth. With a deep commitment to ...

LayBy Shopping