Welcome to Safehats bug bounty program.This is an unique opportunity for enterprises to reach out and avail services of hundred of talented security researchers .This documentation will serve as a guide for enterprises and provide information on features of the platform as well as how to effectively manage a bug bounty programGet Started on SafeHats
All associated staff that might be affected by the program must be explained about the program objectives in detail.The developer team must be ready to resolve bug as soon as they are reported.The members of the organisation must be prepared well in advance for any disruption that might occur in the duration of the testing. Test enviroment must be created with dummy data to protect sensitive information.
Safehats offers three different kind of program depending upon security maturity of the enterprise
This clearly defines the guidelines that must be followed during the course of the program and is created with the intention of resolving any ambiguity that might arise during the course of the program.This is to help guide the hackers efforts into what needs attention and what not. This scope of the program should clearly i.e which product, what properties and what types of vulnerability are to be discovered and more specifically what all are excluded is to be clearly mentioned in the program policy. The program policy also clearly establishes protocol for communication between the program owner and the researchers. The program owners must understand that they are not to initiate any legal action against a security researcher as long as his/her actions are within the policies mentioned in the program.
The standards mentioned in the policy should strictly be followed while disclosing a bug.The details guidelines that are to be adhered while reporting a bug are mentioned in the next section Under no circumstances should information about a bug be made public,until prior approval from the organiser is obtained.
The enterprises organising bug bounty program must abide by the following
Now that you are familiar with the bug bounty program, it’s time to create and manage your account.
Just register on our website, complete your profile and you are good to go.. Just follow these simple steps.
A Program needs to be created after the creation of the company profile.Follow these steps to create and update the program :-
Once your program is created you can loop in other members and assign them role according to requirement.You can invite other members by:-
The admin can divide the users into group based upon the level of control that is to be given,depending upon the users function. Groups can be created in the “Group Management” section of the profile.
Adding/Removing New Team members.Can Only be only performed by someone with admin Access.
The initial page post sign up, here the admin can monitor all activities going on in the platform. This contains aggregate information on all programs running, bug reported bounty paid. .
The contains general information about all running program and provides admin control to enable or disable any program. By clicking on any program detail information about the program can be obtained
Here you can manage your personal account as well as the program,depending upon the access level you have..
This contains general information about all registered hackers. The admin can add, remove verify hackers from here. Clicking on any hacker section gives access to detailed profile of the hackers
All submitted reports can be veiwed from here.The user can then validate the authenticity of the report and decide if the submission is eligible for bounty
Now that you are familiar with the interface it’s time to get started on customizing and managing your account.
Updating your profile is easy. Just click on the edit icon on the top left section of your profile. You will be directed to edit profile page. Here u can enter required information and update your profile.
All member invited to be a part of the bug bounty program has access to reports submitted.For better management of submitted reports all involved members could be broken in to teams for validating and editing reports,dispersing rewards,managing teams, rectifying the reported bugs.
The user can make changes to his account in the profile section of the account.The following steps need to be followed to change personal information:-
The safeHats mission control manages all payments to hackers.We are currently in the process of integrating payment gateway and paytm wallets.Until then all payments will directly be made into the back accounts of the hackers,upon approval from corporate admins.
The contents of this documentation should fimiliarise you with workings of platform. The FAQ's section answers most general question on bug bounty program.In case of any additional queries please feel free to mail us at firstname.lastname@example.org.