What does a Bug Bounty Security Testing program look like?
What types of assets can be considered?
First and foremost, the assets should be available through the internet. The ethical hackers and researchers use the internet to access the assets and test them for vulnerabilities. Beyond this, we consider a few more points when selecting your assets for a bug bounty program. Some examples are:
- The asset is owned by you but could be managed by a third party.
- If the asset is compromised, the consequences could be impactful.
- Test environments and acceptance environments.
- Discovering vulnerabilities in the asset brings value regardless of the impact of the consequences.
- Testing credentials, etc.
Included in this program are:
- One program (test period = 4-6 weeks);
- Approximately 25 reports;
- Kiwa test summary report (after test period);
- 40 handpicked security researchers (ID checked).
Kiwa is a trusted and independent third party that performs tests to provide the basis for guaranteed quality. Together with Intigriti, we offer you a bug bounty service which allows for a thorough check-up of the web and cybersecurity of your assets. As systems and organisations digitalise, so do our means of testing and inspecting. As cybersecurity is an important cornerstone of our digital age, Kiwa is heavily involved in providing high-quality, useful penetration tests and services. We are your partners for progress!