A collection of the most frequently asked questions and their answers.
Crowdsourced security techniques invite groups of people (crowds) to test an asset for vulnerabilities. The number of participants varies from fewer than ten to hundreds testing simultaneously. "Bug bounties", "Vulnerability Disclosure Programs (VDP)", and "Responsible Disclosure Programs" all fall under the umbrella of crowdsourced security.
A bug bounty is a monetary reward awarded to ethical hackers who successfully discover and report vulnerabilities or bugs to application developers. A bug bounty program allows businesses to use the hacker community to continuously improve the security posture of their systems.
Bug Bounty Platforms are software used to deploy bug bounty programs. Most businesses use bug bounty platforms like HAKTIV to supplement their in-house QA and bug-finding efforts. Bug bounty programs are especially valuable for businesses that are able to test bugs in a way that doesn’t expose sensitive information, so that bug bounty platforms can work on the entire application. Bug bounty platforms often also include penetration testing services, so businesses can see if they have any vulnerabilities before they are exposed by a bad actor.
In public programs, all security researchers registered on HAKTIV are eligible to test the in-scope assets, whereas private programs are invitation-only, which limits the number of security researchers.
Pentests and bug bounties both test web and mobile apps by simulating attacks to detect and fix vulnerabilities. A pentest is a service performed by one or two security engineers working for a specialized company, while a bug bounty relies on a wide range of independent security researchers who get paid per vulnerability.
Our experienced security researchers conduct only black-box testing on your external assets, with no special access of any kind. They specialize in zero-day bugs and critical bugs, and have several CVEs under their names.
Send us all your inquiries and we will get back to you with a schedule link.