Build Unique Search Experiences Adam Surak SRE & Security Engineer adam.surak@algolia.com @AdamSurak Continuous Security

@AdamSurak Core Core Core Core Security

@AdamSurak Core Core Core Core Core Core

@AdamSurak Penetration testing Quality varies Very detailed and understandable outcomes Higher price* One shot -> outdated in few hours

@AdamSurak Responsive disclosure security@algolia.com “Give me money!” “Give me money or I will not tell you what I’ve found!” How do you send money to India, Pakistan, … ?

@AdamSurak Public Bug Bounty Program HackerOne, Bugcrowd, … All the reports in one place Protects both reporter and site owner Clean accounting Possible swag-only

@AdamSurak 1 year with HackerOne

@AdamSurak 1 year with HackerOne 12.2% 42.2% 23.2% 22.4%

@AdamSurak All-time vs last 6 months 12.2% 42.2% 23.2% 22.4% 18.2% 22.9% 13.5% 45.3%

@AdamSurak 1 year with HackerOne

@AdamSurak All-time vs last 6 months All-time Last 6 months Response time 2 days 1 day Resolution time 21 days 11 days Bounties $10,125 $4,000

@AdamSurak Learnings PenTesters think differently Beginning is hard Have patience with communication You can’t do it best effort There will be noise No matter what, they will use automatic scanners

W e are hiring in Paris and SF QUESTIONS? Build Unique Search Experiences adam@algolia.com @AdamSurak