Private Bug Bounty

Frequent and flexible testing to provide the ongoing cybersecurity assurances you need

Our private bug bounty service

Large scale security testing isn’t always feasible, especially for live environments or live applications where there may be limited scope, tight timescales, and/or a need to keep test costs down. Frequent security testing, however, is always advisable, and larger, more strategic penetration testing should be complemented with smaller, more flexible testing methods.

Many companies avoid traditional bug bounty programs due to their public nature and lack of certainty around qualifications, credentials and the legitimacy of the people accessing their confidential systems, data and IP. Our Private Bug Bounty is designed to allay those fears, by providing a service that only uses our fully employed, highly qualified testers.

It’s the same testers that clients trust to carry out their regular penetration testing requirements, so you can expect the same high-quality testing, reporting and support that clients have come to expect from us.

Extend your testing capacity

Our private bug bounty is designed to meet your flexible testing needs, whether it's across the organisation or specific environments. Providing ongoing security assurances between larger testing requirements.

Dedicated, expert test consultants

Our private bug bounty only has a few select clients on the platform, meaning there's no competition for attention and every project has access to our team of experienced testers.

Cost effective ongoing testing

You only pay for the vulnerabilities we discover and a pricing schedule, based upon the severity of findings using CVSS scoring methodologies, will be agreed in advance of any testing.

More effective test coverage

Our bug bounty testing knowledge will remain in-house, leveraging this knowledge to ensure we provide better coverage, rather than the 'lone wolf' approach used by more traditional bug bounties.

What we review

Our private bug bounty service will be based on your requirements and tailored to your objectives. Whilst our approach may be tailored, our private bug bounty will typically be used to review:

Web & Mobile Applications

Our application testing is aligned with industry standards such as OWASP and will look to uncover security vulnerabilities within a target application. The issues we look for will include injection vulnerabilities, security configuration & authentication, logic flaws such as access control & broken authorisation, data transfer & storage, as well as OWASP Top 10 vulnerabilities.

Network Infrastructure

Our network infrastructure testing is designed to investigate your external networks (your publicly facing networks) and/or your internal networks (the servers, devices and software that make up your internal networks), identifying potential security issues and misconfigurations that could be exploited by malicious outsiders or insider threats.

Not sure what type of testing you need?

Our team will be happy to discuss your individual requirements and provide a no obligation proposal based on your needs.

Our approach

The security confidence we provide doesn’t come from a one size fits all solution.

Every private bug bounty goes through a set process to ensure clients get the best possible outcome. Below we outline the key stages of the process once a client has expressed an interest in taking part. 

1. Scoping

Your dedicated Account Manager (AM) will work with you to understand your testing requirements and understand if we have the capability to perform the work.

2. Agreement

A formal agreement will be put in place regarding the scope of the test, the pricing levels, the timeframes/exclusions of the test and any communication requirements.

3. Portal Access

Once agreed, you will be given access to our online bug bounty portal, and we will upload the test engagement for our team of consultants to review.

4. Vulnerability Updates

A real-time update of vulnerabilities will be delivered via the online portal; this will contain technical information about the finding and our remediation advice.

5. Post-test Support

Our consultants will be available after the engagement to explain any aspect of their findings, as well as provide remediation support.

6. Further Requirements

We can work with you to understand any future information security requirements and help prioritise your next steps.

Like the sound of our approach?

You can find out more about our test process and why it sets us apart.

Contact us

Want to find out more about our private bug bounty service? Our team are on hand to provide you with the information you need. Please fill out the form below and one of our team will be in touch shortly.