Getting Started

Welcome aboard! Thus begins your journey with Safehats, a comprehensive bug bounty platform by Instasafe. This is an exciting opportunity for you to be rewarded for your skills by alerting companies to the vulnerabilities in their products and services before they can be exploited. Gain firsthand white-hat experience and learn from the expertise of fellow researchers, and in time establish yourself as a reliable security researcher, while earning cash and goodies. This documentation will help you get familiar with the platform so that you can start working soon, and will be your guide in case you face a problem. Happy hunting!

Get Started on SafeHats

Creating An Account

Just register on our website, complete your profile and you are good to go. Follow these simple steps:

  1. Go to https://safehats.com and SIGNUP as a researcher.
  2. Fill in the required details and sign up.
  3. A verification mail will be sent to the registered email ID. Click on the link to verify your account.
  4. You will be directed to the home page. Click on Login. Sign in to your account by entering your credentials.
  5. You will now be directed into your account. Congratulations, you are now registered as a researcher.

Sections Of Your Account

Dashboard

This is the first page you land on after logging in. It contains information about the status of bug bounty reports submitted by you, and about received by you. This is to keep you updated about activities.

Programs

Information on the programs the researcher is a part of, and all associated data, is displayed here.

Profile

This contains general information about the user. It is also the public-facing part of the user account. It contains metrics to judge the hacker’s overall performance. This section also enables the user to add and edit personal and payment-related information.

Get More Program Invitations

Complete all the sections of your profile to get invitations from different programs.

Unverified Profile

Upload your ID as soon as you create a profile. A profile without a valid ID proof will not be considered eligible for participation in any program.

Inbox

The detailed status of all submitted reports can be viewed from here.

Leaderboard

This displays the top-ranking hackers along with their performance metrics.

Managing Your Account

Now that you are familiar with the interface, it’s time to get started on customizing and managing your account.

Editing/Updating Account Info

Updating your profile is easy. Just click on the edit icon on the top left section of your profile. You will be directed to the edit profile page. Here you can enter the required information and update your profile.

Identity Verification

  1. Keep a scanned copy of your ID card ready. This can be any government-issued ID card (passport, driver’s license, Aadhaar card, etc.).
  2. Click on the ‘Identity Verification’ tab of the ‘Profile Settings’ panel (2.2.1).
  3. On the following page, select the country and document type. After uploading the required document, click on get verified.
  4. You will be notified when verification is complete.

Invitation Preference

  1. Select your preference regarding what kind of bounty programs you want to be a part of in the ‘Invitation Preferences’ option of the ‘Profile Settings’ panel. Select and update your preference on the following page.

Programs

Types Of Program

Safehats offers three different kinds of program, depending upon the security maturity of the enterprise:

  • Walk (Enterprise): This program is only for researchers curated by Safehats management.

  • Run (Private Managed): This is a managed vulnerability disclosure program involving selected high-quality hackers in a time-bound manner. Participation in a particular RUN program is by invite only.

  • Fly (Public): The FLY program is open to all. The researcher can choose which program to participate in, based upon their individual skills and interest.

Program Eligibility

All security researchers registered on the platform are eligible to participate in public/Fly programs. Participation in Run programs is by invite only. Hackers are selected on a variety of factors, depending upon their skill, expertise and karma score, at the discretion of the program owner.

Program Policy

This clearly defines the guidelines that must be followed during the course of the program and is created with the intention of resolving any ambiguity that might arise during the course of the program. It is meant to guide your efforts toward which vulnerabilities need attention and which do not. The scope of the program, i.e. which products, which properties and which types of vulnerability are to be discovered, and more specifically what is excluded, is clearly mentioned in the program policy. The policy also states how the vulnerabilities discovered should be communicated to the program owner.

The standards mentioned in the policy should be strictly followed while disclosing a bug. The detailed guidelines that are to be adhered to while reporting a bug are mentioned in the next section. Under no circumstances should information about a bug be made public until prior approval from the organiser is obtained.

Managing Submission

Reports can be submitted by clicking on the “Submit-Report” section of the program’s home page, which will direct you to the Submission.

A submitted report consists of the following sections:

  1. Title: This should contain a general introduction to the bug, where it was found and its impact.
    Example: “SQL Injection in user login allows extraction of data”
  2. Type: The category of application (Web application/Mobile application) and the category of vulnerability discovered can be selected from the drop-down list.
  3. Bug Information: A detailed account of the bug, along with the steps to reproduce it, must be clearly described so that it is easier for the organisation to validate the issue.
  4. Severity: The severity of the bug found, as per the OWASP standards, can be adjusted on the provided scale.
  5. Attachments: Any photos, PDFs or videos providing proof of concept can be attached for additional validity.

Payment Settings


Support

The contents of this documentation should familiarise you with the workings of the platform. The FAQ section answers most general questions on the bug bounty program. In case of any additional queries, please feel free to mail us at support@safehats.com.