Researcher

Getting started

Welcome Aboard!! Thus begins your journey with Safehats, a comprehensive Bug-bounty platform by InstaSafe. This is an exciting opportunity for you to be rewarded for your skills, by alerting companies to the vulnerabilities in their products and services before they can be exploited. Gain a firsthand white-hat experience and learn from the expertise of fellow researchers, and in time establish yourself as a reliable security researcher, while earning cash and goodies. This documentation will guide you in getting familiarized with the platform and enable you to start working soon, as well as be your guide in case you face some problem. Happy Hunting...!!

Creating An Account

Just register on our website, complete your profile and you are good to go. Follow these simple steps: -

  • Go to https://safehats.com and SIGN-IN as a researcher.
  • Fill in the required details and signup.

  • A verification mail will be sent to the registered Email id. Click on the link to verify your account.

  • You will be directed to the home page. Click on Login. Sign into your account by entering your credentials.

  • You will now be directed into your account. Congratulations, you are now registered as a researcher.

Sections of your Account

Dashboard

This is the first page you land on after logging in. It contains information about the status of bug bounty reports submitted by you, and about received by you. This is to keep you updated about activities.

Programs

Information on the program the researcher is a part of, and all associated data, is displayed here.

Profile

This contains general information about the user. It is also the public facing part of the user account. This contains metrics to judge the hacker’s overall performance. This section also enables the user to add and edit personal and payment related information.

Inbox

The detailed status of all submitted reports can be viewed from here.

Leaderboard

This displays the top-ranking hackers along with metrics of performance. Based on the Number of the Reports Submitted and Bug Quality and Research Reputation, a Karma Score will be assigned to the Researcher.

The Leaderboard shows Hackers and their Karma Score.

Researcher Credibility, Performance and Hall of FAME

Managing Your Account

Now that you are familiar with the interface it’s time to get started on customizing and managing your account.

Editing/Updating Account Info

Updating your profile is easy. Just click on the edit icon on the top left section of your profile. You will be directed to the edit profile page. Here you can enter the required information and update your profile.

Identity Verification

  • Keep a scanned copy of your I-card ready. This can be any Government issued id card (Passport, Driving License, Aadhar card etc.)
  • Click on the ‘Identity Verification’ tab of the ‘Profile Settings’ panel.
  • On the following page, select the country and document type. After uploading the required document, click on get verified.
  • You will be notified when verification is completed by the Enterprise.
  • You can add multiple identities using “Verify Another Identity”.

Invitation Preference

Select your preference regarding what kind of bounty programs you want to be a part of, in the ‘Invitation preferences’ option of the ‘Profile Settings’ panel. Select and update your preference in the following page.

You can choose one of the options below as your preference: -

  1. Always
  2. Only Bug Bounty programs
  3. Never

Programs

Types of Programs

Safehats offers three different kinds of programs depending upon the security maturity of the enterprise.

  • Walk (Enterprise): - This program is only for researchers curated by Safehats management.
  • Run (Private Managed): - This is a managed vulnerability disclosure program involving selected high-quality hackers in a time-bound manner. Participation in a particular RUN program is by invite only.
  • Fly (Public): - The FLY program is open to all. The researcher can choose which program to participate in, based upon their individual skills and interest.

Program Eligibility

All security researchers registered on the platform are eligible to participate in public/Fly Programs. Participation in Run programs is by invite only. The hackers are selected on a variety of factors, including their skill, expertise, and karma score, at the discretion of the program owner.

You can see the Private and Public programs enrolled.

Program Policy

This clearly defines the guidelines that must be followed during the course of the program and is created with the intention of resolving any ambiguity that might arise during the course of the program. This is to help guide your efforts into finding what vulnerability needs attention and what does not. The scope of the program, i.e., which product, what properties and what types of vulnerability are to be discovered, and more specifically what is excluded, is clearly mentioned in the program policy. The policy also states how the vulnerabilities discovered should be communicated to the program owner.

The standards mentioned in the policy should strictly be followed while disclosing a bug. The detailed guidelines that are to be adhered to while reporting a bug are mentioned in the next section. Under no circumstances should information about a bug be made public, until prior approval from the organizer is obtained.

Managing Report Submission

Reports can be submitted by clicking on the “Submit-Report” section of the program’s home page which will direct to the Submission.

A submitted report consists of the following sections: -

  • Title: - This should contain a general introduction on the bug, where it was found and its impact. Example: - “SQL Injection in User login allows extraction of data”.
  • Type: - The category of application (Web application/Mobile application) and the category of vulnerability discovered can be selected from the drop-down list.
  • Bug Information: - A detailed account of the bug along with the steps to reproduce it must be vividly described so that it is easier for the organization to validate the issue.
  • Severity: - The severity of the bug found as per the OWASP standards can be adjusted on the provided scale. The severity can be categorized as None, Low, Medium, High and Critical.
  • Attachments: - Any photos, PDFs or videos providing proof of concept can be attached for additional validity.

Payment Settings

Support

Researchers can reach the Safehats team from the “Support” options.

Email Support

You can send email directly to safehats@instasafe.com.

Telephone Support

Researchers can reach out to the helpdesk number +91-844-844-8548 Ext: 86

Chat Support

Help

The Researcher Help is also available inside the platform.