Hacking competitions that will get you noticed

Some of the most highly recommended hacking competitions that will get your name and skills noticed by the right people

1 pentagon
David B. Gleason (Creative Commons BY or BY-SA)

Hack the Pentagon

From the Hack the Pentagon announcement to the Facebook Hacker Cup, there are loads of opportunities for those new to security to either participate in educational hacking competitions or simply learn by watching others compete. Michiel Prins, co-founder, HackerOne, and Ryan Stortz, security researcher, Trail of Bits, offered up a list of popular competitions and what they like most about some of them.

2 uber
Mapbox (Creative Commons BY or BY-SA)

Uber Engineering Bug Bounty

The engineering security team at Uber has developed a bug hunter treasure map inviting hackers to find vulnerabilities in their cn.uber.com service, which communicates with the Android and iOS apps while using Uber. Prins said, "Uber’s program is unique because it offers a first of its kind loyalty program and the treasure map gives hackers unprecedented transparency."

3 yahoo
Tim Rogers (Creative Commons BY or BY-SA)

Yahoo's Hack U

The development network division at Yahoo!, Hack U, offers a platform for different hacking competitions with "no rules or limitations." Prins said, ""Yahoo! has a large footprint on the web and diverse portfolio of products so there is always something new for bug hunters to find. This makes it a great program for newer hackers.""

4 github
othree (Creative Commons BY or BY-SA)

GitHub at the core of it all

The GitHub Bug Bounty Program offers a minimum prize of $200. Prins said, "GitHub is a core product for nearly all development teams -- if you are able to hack it and report a vulnerability you are potentially helping millions."

5 google


Unlike the unencumbered opportunites at Hack U, Google Bug Hunter University is much more explicit about their boundaries and expectations. "Google’s program is great for bug hunters. They are very particular and transparent about how they determine bounty awards and what technology is in scope. Google’s Bug Hunter University is also a great resource for hackers wanting to look for bugs in Google and any other program," Prins said.

6 flag
hoschi e. (Creative Commons BY or BY-SA)

Capture the Flag (CTF)

"Many competitions (mine included) target the CTF community and tend to punish new people. Much like jazz musicians, we build off of challenges from our peers to pay homage and to show off. Unfortunately this means challenge, sophistication, and difficulty goes way up in a horrible feedback loop," Stortz said.
Competitions like PicoCTF and Microcorruption are specifically targeted at new players and the stages. "They are meant to slowly build up fundamental skills (and in the case of PicoCTF specifically - recruit you to Carnegie Melon)," Stortz said.
7 recommendations
Sebastiaan ter Burg (Creative Commons BY or BY-SA)

A few more recommendations

DropBox -- They pay competitive bounties, they store a lot of data and there are many components, like iPhone app, syncing with computer. It is more than just a web app which creates unique challenges and makes it a fun target for hackers.

CyberCompEx is another community of highly skilled and talented researchers looking to connect through an online platform and various competitions. You can engage in a competition or view past competitions to get a taste of what they are all about.

Copyright © 2016 IDG Communications, Inc.