Total IT Consulting & Solution Platform

Crowdsourcing Cybersecurity Platform: Web & App Security Bug Bounty Platform


What is Crowdsourcing Cybersecurity Platform: Web & App Security Bug Bounty Platform?

The Crowdsourcing Cybersecurity Platform is a bug bounty platform that you can utilize to publish your websites or applications to hundreds of experienced, skillful, and responsible independent security researchers who will systematically attack your products in a controlled, ethical, and safe manner.

With the system, you can determine the target scope of what needs to be tested, for example, the front page of the web application or a mobile application. When a security vulnerability is found by the researchers, their submissions will be triaged and prioritized in determining their validity as well as risk level. Subsequently, you give out monetary rewards (or other forms) to the researchers that have reported valid security issues. Afterward, you fix the reported vulnerabilities immediately and verify that the relevant attack vectors have been properly secured.

There are 2 ways that you can utilize the system:

  • Subscription
    Ranging from medium to long terms, a subscription is the most ideal way of utilizing the system since you will constantly be monitored for vulnerabilities. For this, you can have an unlimited fund for rewards and can be added when it is depleting while the subscription program still running.
  • Fixed Short Term.
    The fix short term is ideal for a one-time event and lasts for a relatively short period (a couple of weeks). There are 2 types of Fixed Short Term Program: Contest and Standard. In the Contest Program, researchers will perform their best abilities to find bugs and vulnerabilities in a certain given time (1 or 2 weeks). At the end of the period, winners will be announced and rewarded. The standard program is similar to a subscription but is limited to the agreed total of the fund. The program will end once the fund’s balance runs out.

What will you get by purchasing the service?

Here are the detailed features of the service

01. Programs Development Consultation

Assisting in program draft development and consulting with you as a program owner in terms of the targets of application or network that will be tested, including the amount of rewards.

02. Inviting Researchers

Subsequently, researchers and InfoSec experts will be invited to participate in the program. The profile and numbers of researchers will be appropriately determined jointly with you as the program owner.

03. Validating and Assessing Risk Level and Security Vulnerability Reports

Our Analysts will conduct tests upon received reports and ask for further clarification if needed. If a report is valid, a risk level assessment will be conducted according to the international standard in cybersecurity.

04. Notifying and Reminding Program Owner of Crucial Founds

If there is a report that needs immediate attention and follow-up due to its significant risks, our analysts will notify the program owner and provide consultations if needed.

05. Giving Rewards to Researchers

Representing you as the program owner, we will give the rewards for researchers according to the risk level of their founding.

06. Conducting Confirmation test to Ensure Problem Solving

Our Analysts will also ensure each improvement made by program owner that solved previously reported problems by performing tests. If needed, the bug founder can also be asked to perform voluntary re-test.

Looking for this solution ?
Contact Us