Penetration testing is key part of an organisation’s security testing schedule, helping them uncover vulnerabilities and in providing remediation advice. However, when there may be limited test scope, tight timescales, and/or a need to keep test costs down, such testing isn’t always feasible.
When this is the case, clients often require more flexible testing methods, ones which overcome the issues laid out above and compliment their more strategic penetration test schedule.
Bug bounties are a great option for these flexible testing needs, however, many companies avoid traditional bug bounty programs due to their public nature and lack of certainty around qualifications, credentials and the legitimacy of the people accessing their confidential systems, data and IP.
Our Private Bug Bounty Service has been designed to fully address these concerns and we only use our own fully employed, highly qualified staff within our bug bounty programme. It’s the same testers that carry out our regular penetration testing engagements, so clients can be sure they are getting the same high-quality testing, reporting and support they’ve come to expect.
Paul Harris, Managing Director of Pentest, “Our aim has always been to support ongoing information security improvement efforts and to provide our clients with the security assurances they need. Our Private Bug Bounty Service continues this ethos and we are extremely pleased to be able to extend the support we offer to existing and future clients.”