I know someone that would find security holes in random company sites and email them about it. They never asked for money.
Most of the time, the company sent an angry response with threats of calling the police. I always thought this was stupid.
I would never look for security vulnerabilities on a company site, unless I'm hired to do so. The main issue is that you have no idea if what you are doing will affect a production sites.
Most of the time, the company sent an angry response with threats of calling the police. I always thought this was stupid.
I would never look for security vulnerabilities on a company site, unless I'm hired to do so. The main issue is that you have no idea if what you are doing will affect a production sites.