Private bug

frequent and flexible testing from the experts at Pentest

Large scale security testing isn’t always feasible, especially for live environments or live applications where there may be limited scope, tight timescales, and/or a need to keep test costs down, for example.

Frequent security testing, however, is always advisable, and larger, more strategic penetration testing should be complemented with smaller, more flexible testing methods.

Many companies avoid traditional bug bounty programs due to their public nature and lack of certainty around qualifications, credentials and the legitimacy of the people accessing their confidential systems, data and IP. Our Private Bug Bounty is designed to allay those fears, by providing a service that only uses our fully employed, highly qualified testers.

It’s the same testers that clients trust to carry out their regular penetration testing requirements, so you can expect the same high-quality testing, reporting and support that clients have come to expect from us.

The benefits of our private bug bounty

Extend your
testing capacity

Our private bug bounty has been designed to meet your flexible testing needs, whether it's across the organisation or for specific environments. Providing ongoing security assurances between full penetration tests.


You only pay for the vulnerabilities we discover and a pricing schedule, based upon the severity of findings using CVSS scoring methodologies, will be agreed in advance of any testing.

testing resource

Our private bug bounty only has a few select clients on the platform, meaning there's no competition for attention and every project has access to our experienced testers.

test coverage

All specific bug-bounty testing knowledge will remain in-house and we are able to leverage this knowledge to ensure better coverage, rather than the more loan wolf approach offered by more traditional open bug bounties.

Our private bug bounty approach

Every private bug bounty goes through a set process to ensure clients get the best possible outcome. Below we outline the key stages of the process once a client has expressed an interest in taking part. 

1. Scoping

We work with clients to understand their testing requirements and understand if we have the capability to perform the work. 

2. Agreeement

A formal agreement will be put in place regarding the scope of the test, the pricing levels, the timeframes/exclusions of the test and any communication requirements.

3. Portal access

Once agreed, clients will be given access to our online bug bounty portal and we will upload the test engagement for our team of consultants to review.  

4. Vulnerability updates

A real-time update of vulnerabilities will be delivered via the online portal; this will contain technical information about the finding and our remediation advice. 

5. Post bug bounty consultancy

We can work with you to outline potential next steps and provide a road map for future testing.

Why choose us

We act as a trusted adviser to our clients. Whatever your situation, our team are dedicated to making the process as seamless as possible, to pass on their wealth of expertise and to provide you with the information security support you need.

Information security experts since 2001

Dedicated account management

Services tailored to your organisation

Comprehensive, quality assured reporting

Unrivalled post-test support

Contact us

Want to find out more about our private bug bounty? Our team are on hand to provide you with the information and support you need. Just fill out the form below and one of our team will be in touch shortly.

Our latest research

Our Labs page is the place to discover our latest research, advisories, tool releases and challenges.

Looking to improve your security? Our insights are a great place to start.