SERVICES
Bug Bounty Management
Planning to start a bug-bounty program after an audit? Finding resources for bug-bounty management is a challenging task. Our team of security engineers has years of professional experience in managing bug-bounty programs and bug triaging, from defining the scopes and rules of engagement to deciding the bounty amounts based on the right severity evaluation. This approach allows your team to work only on valid bugs as forwarded by the triagers rather than spending a lot of time on noises and invalid reports, which are common in bug-bounty management.
PROCESS FLOW
Our process flow is smooth and simple.
Schedule
A Meeting
Scope Assessment
And Timeline
Payment
for Services
Security
Audit
Draft
Report
Retesting
Final
Audit Report
Bug Bounty Management
| S.NO | Audit Category | Audit Category Checklist |
|---|---|---|
| 1 | Recon and OSINT | Whois information discovery |
| IP and IP range enumeration | ||
| DNS enumeration | ||
| Subdomain enumeration | ||
| Certificate information gathering | ||
| Fingerprinting of Web Services and Technologies | ||
| Enumerating open ports and services | ||
| Credential Stuffing for leaked Employee data | ||
| GitHub leak detection for sensitive information | ||
| Information exposed through archived data | ||
| Conduct Search Engine Discovery Reconnaissance for Information Leakage | ||
| 2 | Authentication Testing | Whois information discovery |
| Testing for Credentials Transported over an Encrypted Channel | ||
| Testing for Default Credentials | ||
| Testing for Weak Lock Out Mechanism | ||
| Testing for Bypassing Authentication Schema | ||
| Testing for Vulnerable Remember Password | ||
| Testing for Browser Cache Weaknesses | ||
| Testing for Weak Password Policy | ||
| Testing for Weak Security Question Answer | ||
| Testing for Weak Password Change or Reset Functionalities | ||
| Testing for Weaker Authentication in Alternative Channel | ||
| 3 | Recon and OSINT | Whois information discovery |
| Whois information discovery | ||
| IP and IP range enumeration | ||
| DNS enumeration | ||
| Subdomain enumeration | ||
| Certificate information gathering | ||
| Fingerprinting of Web Services and Technologies | ||
| Enumerating open ports and services | ||
| Credential Stuffing for leaked Employee data | ||
| GitHub leak detection for sensitive information | ||
| Information exposed through archived data |
