Background:

I have worked with lots of companies as security consultant through bug bounties either I asked them if they need my service or they approached. I’m a big fan of Paul’s essay, Hacker News, Startup School and YC as a whole, so thought to document my contribution to YC(nothing technical, just a list).

I have worked with these companies in their early stage to resolve security issues with their websites:

Xobni (S06) : Acquired by Yahoo later. Found account take over CSRF in setting page. Got Yahoo swags. Dropbox (S07): Multiple bugs in the mailbox and other acquisitions. Got listed on Special Thanks page, swags and 100GB. Disqus (S07): Got stickers and swags.(Can’t find the mail, don’t remember the issues) Heroku(W08): WePay (S09): Participated in their bug bounty program on Hackerone.

Olark (S09): Mixpanel(S09): Stripe(S10): PagerDuty(S10): Multiple issues,Multiple swags Hipmunk(S10): Just realized, I was discussing stuff with Steve Huffman 🙂 Chart.io(S10): Mailgun(W11): DR Chrono(W11): Worked with CEO directly and got handsomely rewarded for my work. Parse(S11): Yes, Parse CEO said this Firebase(S11): Instacart(S12): Through private bug bounty Easel.io(S12): Acquired by Github, reported multiple issues. Special Thanks page on Github. Coinbase(S12): Through public bug bounty on Hackerone. Clever(S12): Zenefits(W13): Through private Bug bounty. Heap Analytics(W13): TrueVault(W14): Algolia(W14): still have lots of Algolia stickers 🙂 Gitlab(W15): Listed on Acknowledgement page. Hacker News: Yup, Y Combinator itself. You can find me on their thanks page.

Look like that’s it for now.

so 25, not bad! BTW I am no ninja hacker, most of the stuff are the same task just another website. I have been a jerk professionally (in responding emails), sometimes I didn’t know the tech celebrity I’m talking with, for e.g Steve Huffman, IIya sukar.

I can help with basic web application testing but crowdsourcing your security is the best way to stay updated.

Any questions, suggestions or want to hire me? I’m at bhattacharya.manish7@gmail.com

Logging off

Manish

Edit: This list has grown up to 120+, I’m not maintaining this list anymore!