private bug bounty

frequent and flexible testing from the experts at Pentest

Large-scale security testing isn’t always feasible, especially for live environments or live applications, where scope may be limited, timescales tight, and there is often a need to keep test costs down.

Frequent security testing, however, is always advisable, and larger, more strategic penetration tests should be complemented by smaller, more flexible testing methods.

Our private bug bounty has been designed to meet these flexible testing needs, whether across the whole organisation or for specific environments. Our aim is to provide organisations with the ongoing security assurance they need in between full penetration tests.

Many companies avoid traditional bug bounty programmes because of their public nature and the lack of certainty around the qualifications, credentials and legitimacy of the people accessing their confidential systems, data and IP. Our private bug bounty is designed to allay those concerns by using only our fully employed, highly qualified testers.

These are the same testers that clients trust to carry out their regular penetration testing, so you can expect the same high-quality testing, reporting and support.

the benefits of our private bug bounty service

We understand that there are many ways to operate a bug bounty, both public and private, so why use us?

trusted expertise & experience

Our team of security consultants come from a diverse range of backgrounds and have years of proven experience and depth of expertise in information security testing. All of our team are employed solely by Pentest Limited and are the same testers that carry out our penetration testing services.

quality testing

We are a CREST accredited penetration testing company, working to the highest quality test standards and proven methodologies. This is complemented by individual consultant qualifications such as CREST Certified Web Application Tester, CREST Registered Penetration Tester and CREST Practitioner Security Analyst.

extensive reporting

We pride ourselves on the accuracy of our findings. Our updates aren’t designed merely to outline the vulnerability discovered; we also provide the remediation advice you need to fix the issue.

Our findings will always remain private under NDA and our reputation depends on the confidentiality of our work.

dedicated resource

Our private bug bounty has only a few select clients on the platform, so there is no competition for attention and every project has access to our experienced testers. Every client is appointed a dedicated account manager to oversee the bug bounty process, and we provide access to consultants throughout the engagement.

value for money

You only pay for the vulnerabilities we discover. A pricing schedule, based on the severity of each finding as rated using CVSS scoring, is agreed in advance of any testing.

There is an annual platform fee; however, this is waived for the first 12 months, making the service a cost-effective supplement to your penetration testing schedule.

better coverage

All bug-bounty-specific testing knowledge remains in-house, and we are able to leverage this knowledge to ensure better coverage than the lone-wolf approach typical of more traditional open bug bounties.

Our testing team communicate with each other throughout engagements and keep each other updated on what has and has not been tested, which avoids duplication of testing effort.

a part of your team

We act as trusted advisers to our clients and see ourselves as an extension of your internal team. This means your team can continue to concentrate on what they do best, augmented by our specialist testing skills.

how it works

Every private bug bounty goes through a set process to ensure clients get the best possible outcome. Below we outline the key stages of the process once a client has expressed an interest in taking part.

  • Scoping – We work with clients to understand their testing requirements and confirm that we have the capability to perform the work.
  • Agreement – A formal agreement is put in place covering the scope of the test, the pricing levels, the timeframes and exclusions of the test, and any communication requirements.
  • Portal Access – Once agreed, clients are given access to our online bug bounty portal and we upload the test engagement for our team of consultants to review.
  • Vulnerability updates – Real-time updates on vulnerabilities are delivered via the online portal; each update contains technical information about the finding and our remediation advice.
  • Post bug bounty consultancy – We can work with you to outline potential next steps and provide a road map for future testing.

contact us

Want to find out more about our private bug bounty? Our team are on hand to provide the information and support you need.