– Scope of your penetrating tests: website or mobile application, cloud infrastructure, connected object, etc. – Authorized tests (excluding denial of service for instance) and qualifying vulnerabilities, ie: remote code execution, cross site scripting, etc. – Hunters reward/payout grid. YesWeHack guides you at every step of your Bug Bounty program, basing on its unique experience gained over management of hundreds of different programs.
– Private program: to a team of hunters chosen by you with our help, according to the specific requirements of each program with our help. – Public program: to the entire YesWeHack community. YesWeHack helps you select – or select for you – the white hat hackers best suited to your needs, in order to ensure your program performance, according to our hall of fame.
– Qualify and validate vulnerabilities reported by researchers. Each vulnerability is filled through a predefined template. – Set the severity level basing on CVSS. – Reward researcher according to vulnerability severity and report quality. YesWeHack platform helps you manage relationships with researchers
– Fix the vulnerability and request the hunter to check whether the remediation is effective. YesWeHack dashboards provide KPIs to manage your programs efficiently.
Since its launch in 2013, YesWeHack have been running hundreds of programs of all sizes in the most various contexts. Our team leverages this unique expertise to guide you at every phase of setting up, launching and running your programs. We thus guarantee your programs performance, tailored to your risks objectives – and your budget. Start on a a limited scope, with small bunch of hunters, and prepare for a progressive scale up when you’re ready.
To launch your first program, we advise you to start with a limited scope, which you know well – and which has been previously hardened. When you get a first experience feedback, YesWeHack support helps you step up gradually, expanding and/or adding scope, making rules more flexible, and/or increasing the number of researchers.
YesWeHack helps you choose the number and profiles of researchers best suited to your needs: technical and functional environment of the scope to be tested, specific skills required, maturity/complexity of the scope, budget of your program, etc. YesWeHack therefore guarantees: 1 /the attractiveness of your program: that the selected researchers are the most active as possible; 2 /its performance: that they find as many relevant vulnerabilities as possible; and 3 / its budget: that you keep up with your financial constraints and don’t overpay vulnerabilities.
For each vulnerability, only the researcher who submitted the first valid report is rewarded. Researchers are rewarded according to a predefined grid for each program: the level of severity of the vulnerability, as qualified by the client, thus determines the amount of the reward. Points are also awarded, in particular according to the quality of the report and the remediation. These points allow researchers to climb in our ranking, and thus encourage them to provide a qualitative experience to the client.
YesWeHack supports you at every phase of building, launching and monitoring your program so that your program rules (scopes, rules, reward grids, number and profile of researchers) are consistent with your planned budget.
If YesWeHack detects a lack of attractiveness or a decrease in the performance of a program, our support recommends rules adjustments accordingly. This adjustment generally involves:
