What is bug bounty?

Advantages

Continuous testing by the global ethical hacker community

It is better to test your company’s services by a crowd of researchers than 1-2 pentesters.

Reduce your firm’s risk of security vulnerabilities

A new zero-day is announced almost every day and soon there is an exploit kit available to that. It is better to identify the weaknesses of your system as soon as possible and mitigate the risk of those.

Better to pay a reward than a fine

Avoid data breach scandals and the fines from authorities. Let’s test your site by the best security researchers.

The World’s biggest companies have bug bounty program

Join them and be more secure than your competitors.

Be ready to external IT Security audits

Gain good points at the auditors as you have a bug bounty program.

You define the details of the program

We help you determine the most appropriate parameters - program’s scope, access, management and processes - for testing for your company.

Save on your security budget

You pay only in case of identified vulnerabilities.

Find the right program for your business

You can choose from our three bounty models to complement your needs: public, private or on-site. Moreover, we also can provide vulnerability disclosure program for your firm.

Before go live and continuously

Test your system before entering the market or even continuously! Circumstances are changing, hackers are evolving, keep up with them!

How does it work?

Choose service: select which of our services is the most suitable for your company. Contact us using the “Contact” form and we will be in touch.
Define the details of your program. Determine some important points: what is in scope for testing? Who can test these? What tools can be used? For which vulnerabilities would you pay bounty and how much?
Sign of contract and start of your program.
Ethical hackers registered into our platform start hacking of your systems. In case they find a vulnerability, they fill in the bug report and submit it on our platform. After quick verification you get the report.
Triage phase: your company must verify and accept the bug, then has to pay the bounty for it to the hacker through Hacktify.

Each year, tens of thousands of companies fall victim to cybercriminals. Don’t let this happen to your firm! Join us and be hack proof!

Get pre-validated and good quality reports only!

Each of our services contains the validation of the bug reports prior to send it to your company. Thus, you will get only pre-checked and good quality reports. You don’t have to have extra FTEs for this on your side: you can allocate resources to fix the vulnerabilities right away!

Frequently asked questions

WHAT IS A BUG BOUNTY PROGRAM?

The bug bounty is a kind of information security testing, in which a company gives reward (i.e. bounty) to the security researchers for the vulnerabilities identified in its services

IS IT RISKY TO HAVE A BUG BOUNTY PROGRAM?

You site can be hacked, can be attacked by malicious intent, if you don’t have a bug bounty program. Moreover, this way you are not aware how your system has been hacked, which vulnerability has been exploited, what data has been stolen, even you have to pay fines in case the data breach gets publicity. The risk of a public bug bounty program doesn’t differ from the risk of a penetration test.

WHAT IS THE PURPOSE OF HACKTIFY WEBSITE?

Hacktify is a bug bounty and vulnerability disclosure platform, which connects companies with security researchers. The program details and the test rules are uploaded to our site. Ethical hackers who sign-up to our webpage can see these and can hunt for vulnerabilities legally and report them through the site

WHAT IS VULNERABILITY DISCLOSURE POLICY (VDP)?

Vulnerability disclosure policy (VDP) is an important document and process for companies that describes how a weakness identified in their services can be legally reported by an individual. If currently this policy doesn’t exist at your firm contact Hacktify! We offer to define this policy for your company and also, we can provide our platform as an interface for this if required.

WHAT BUG BOUNTY PROGRAM TYPES YOU CAN CHOOSE?

Public: A public program is submitted the entire research community registered on the platform. Everybody can find and report bugs through our site. Private: A private program is submitted to a specific number of researchers, chosen by the client, and is not subject to external communication. Usually these gives a higher reward – and hackers can gain more reputation when participating in such program. On-site program: Our most discreet program – the solution is tested on the location of the submitter organization by the selected researchers. This type is recommended for products/systems prior production or for hardware and physical devices testing.

WHY SHOULD I ASK SOMEBODY TO HACK MY COMPANY’S SYSTEM?

Every systems have their uniqe complexity. Each components could have different vulnerabilities, moreover newer and newer weaknesses are announced daily which after couple of days can be exploited by malicious hackers. It is better to prevent this and we proactively want to discover and fix these bugs. With this our firm can be more secure and can avoid fines and reputational damage.