private bug bounty
frequent and flexible testing from the experts at Pentest
Large-scale security testing isn’t always feasible, especially for live environments or live applications where there may be, for example, limited scope, tight timescales, and/or a need to keep test costs down.
Frequent security testing, however, is always advisable, and larger, more strategic penetration testing should be complemented with smaller, more flexible testing methods.
Our private bug bounty has been designed to meet these flexible testing needs, whether it’s across the organisation or for specific environments, and our aim is to provide organisations with the ongoing security assurances they need in between full penetration tests.
Many companies avoid traditional bug bounty programmes due to their public nature and lack of certainty around qualifications, credentials and the legitimacy of the people accessing their confidential systems, data and IP. Our Private Bug Bounty programme is designed to allay those fears by providing a service that only uses our fully employed, highly qualified testers.
It’s the same testers that clients trust to carry out their regular penetration testing requirements, so you can expect the same high-quality testing, reporting and support that clients have come to expect from us.
the benefits of our private bug bounty service
We understand that there are many ways to operate a bug bounty, both public and private, so why use us?
how it works
Every private bug bounty goes through a set process to ensure clients get the best possible outcome. Below we outline the key stages of the process once a client has expressed an interest in taking part.
- Scoping – We work with clients to understand their testing requirements and determine whether we have the capability to perform the work.
- Agreement – A formal agreement will be put in place regarding the scope of the test, the pricing levels, the timeframes/exclusions of the test and any communication requirements.
- Portal Access – Once agreed, clients will be given access to our online bug bounty portal and we will upload the test engagement for our team of consultants to review.
- Vulnerability updates – Real-time vulnerability updates will be delivered via the online portal; these will contain technical information about each finding and our remediation advice.
- Post bug bounty consultancy – We can work with you to outline potential next steps and provide a roadmap for future testing.
Want to find out more about our bug bounty service or looking to start testing? Our team are on hand to provide you with the information and support you need.