
Frequently Asked Questions

GENERAL

What is a bug bounty program?

A bug bounty is a legal information-security program in which an organisation (the program owner) rewards testers (ethical hackers) for vulnerabilities or bugs they find in its services or products.

What is the purpose of the HACKTIFY website?

HACKTIFY is a bug bounty and vulnerability disclosure platform that connects companies with ethical hackers. The details of the services an organisation wants tested, together with the rules of testing, are uploaded to our site. Registered ethical hackers can view these and legally search for and report vulnerabilities through the site.

What is a vulnerability disclosure policy (VDP)?

A Vulnerability Disclosure Policy is a document in which a company describes how a researcher (ethical hacker) can report vulnerabilities found in its services. A Vulnerability Disclosure Program is the operation and management of that policy.

Who do I turn to for help?

If you need help with the website, the platform, our services or a specific program, contact us by email at [email protected], through the contact form on the website, or by phone.

Is the platform safe?

We use a range of solutions and best practices to keep everyone's data safe and to ensure that only those entitled to it can access it. These include logging, encryption, separation of the development environment from production, and more.

HACKER

How to start hunting as an ethical hacker?

To participate in programs you need a user account, which you can create in the registration tab. You can take part in public programs once you have read the terms of use and agree to follow the testing policy.

How do I create a hacker profile?

Click on the registration tab and create your account by entering your details. Registration must be confirmed: activate the account by clicking the link sent to the email address you provided. You can then log in and complete your profile.

How do I test?

The conditions and scope of testing are described in each individual program. Always follow those terms and the testing policy, and do not use methods the program does not allow. Report every vulnerability you find through the reporting area of our website; never use it for your own purposes.

How can I report a vulnerability?

You can report a vulnerability in your user account under the report menu. Fill in the required information accurately and completely. Do not disclose the vulnerabilities you find or use them for your own purposes. You can only submit reports for programs you have added to your own program list (bookmarked).

How and when do I get a reward?

You receive a reward for vulnerabilities you find and report that meet the requirements set out in the program description. Every report is checked; if it is accepted, the payment process starts and is carried out by the method you have chosen.

I have received my first private program invitation - what should I do?

In private programs only a limited number of testers are authorised, and they join by invitation. You receive the invitation by email; accept it and click the link in the invitation to see the program details. Testing in a private program works on the same principle as in a public program, and any differing conditions are explained in the program description.

What is the leaderboard?

By participating in programs, having reports accepted, and completing various tasks, you earn points that move you through the ranks. Depending on your profile settings, these points and ranks appear on the leaderboard, so you can see how you compare with the rest of the hacker community. Rankings can also be the basis for an invitation to a private program, so they are worth collecting.

Can I disclose any vulnerabilities?

No. In all cases you must comply with the General Terms of Use (GTU) and the Testing Policy. You may report vulnerabilities only through the Platform: you may not use them for your own purposes, and you may not submit them directly to the company that launched the program. Violating the terms and conditions can result in exclusion from the program, a ban from the Platform and, as a last resort, criminal prosecution.

How long does it take to review the report and pay the reward?

This depends on the details of the program, the number of reports submitted and the feedback from the company that launched the program, so please be patient. Every submitted report is checked, and you receive feedback when a reward is granted. You can check the current status of your report in your account.

Am I a criminal if I register?

No. HACKTIFY has a contractual relationship with the companies and organisations that run the programs, so the legal conditions for you to search for vulnerabilities are in place. Note, however, that breaking the rules or misusing data can result in criminal prosecution, so always be careful and read the terms and conditions and the testing policy of each program carefully.

Why is identity verification necessary?

Identity verification fulfils a legal obligation to prevent fraud and abuse. After logging in to the platform you can set your account to "verified" status through the dedicated menu. Verification is not required for registration, but it is mandatory before a reward payment can be initiated.

COMPANY

What bug bounty program types can you choose from?

Public: A public program is open to the entire research community registered on the platform. Everybody can find and report bugs through our site.

Private: A private program is opened to a specific number of researchers chosen by the client and is not communicated externally. These usually offer a higher reward, and hackers gain more reputation by participating in them.

On-site program: Our most discreet option. The solution is tested at the client organisation's premises by the selected researchers. This type is recommended for products and systems not yet in production, and for testing hardware and physical devices.

Is it risky to have a bug bounty program?

Your site can be hacked whether or not you have a bug bounty program. Without one, you may never learn how your system was compromised or what was stolen, and you could be fined if the data leak is discovered. The risk of a public bug bounty program is no different from the risk of a penetration test.

Why should I ask somebody to hack my company’s system?

Every system has its own complexity, and each component can carry different vulnerabilities. New weaknesses are announced daily, and within a few days malicious hackers can exploit them. It is better to get ahead of this and proactively find and fix these bugs. That makes your company more secure and helps it avoid fines and reputational damage.

Can I trust the hackers?

There are several kinds of hackers. Those who register on our site are information-security experts with penetration-testing experience who accept the testing policy and the terms of use, and who therefore perform their testing as ethical hackers.

What services are included if my company registers a program?

Ongoing testing by the hacker community. We help you get the program up and running, and our service includes bug report validation, so your company receives already-validated reports and never has to send incomplete ones back before patching. We monitor the entire process; you only need to deal with the vulnerabilities.

What kind of contact do I have with hackers?

In public and private bug bounty programs all communication goes through the HACKTIFY team, so you do not have to contact the hackers yourself.

Are the vulnerabilities revealed kept secret?

Yes. Beyond the confidentiality obligations, we ensure that vulnerabilities are accessible only to authorised persons, and our website uses encryption to help enforce this. We also make clear to hackers in several places that they may not disclose any information, and we bind them to this by contract.

How is this different from me hiring an ethical hacker?

Ethical hackers are highly skilled and expensive professionals; hiring them individually for a penetration test costs your company considerably more. In a bug bounty program a large community tests your company, which would be time- and resource-intensive to arrange one tester at a time.
