Create a Bug Bounty Program on BugBase

Learn how to create and setup a Bug Bounty Program on BugBase

PreviousSubmit a Bug Report on BugBase NextDownload the mobile app

Last updated 1 year ago

Was this helpful?

Create a Bug Bounty Program on BugBase

Learn how to create and setup a Bug Bounty Program on BugBase

Pre-requisites

Company Account on BugBase. You can

Create a Bug Bounty Program

Login to your BugBase account and visit Programs page from your company dashboard.
Click on the create new Program button.
Select the type of Bug Bounty program you want to create.

Private Bug Bounty is Exclusive for selected researchers.

Public Bug Bounty is will be open to entire BugBase bounty hunter community.

Enter username for the program you wish to create.
Define scope of your program

Click on Add an Asset button to create a new asset.

Defining scope in your program ( Create scope groups ).

Enter scope group name
Select the type of scope group label
select if the scope group should be in-scope or out of scope

In scope - bounty hunters are allowed to penetrate the scope group Out scope - bounty hunter are not allowed to penetrate the scope group

Select if swags are given along with bounty on successful report submission
Enter the bounty values provided based on report priority
Select multiple assets you wish to add to the scope group.

To create a new scope group click on the "Create New Scope Group" button

Click on the next button

Define participation guidelines:

Check yes if you want reports on issues outside the scope
Check yes if your program abide by conduct for good-faith security research
Check yes if you wish to give the opportunity to the hacker to request to make the reports public after resolution
Click next

Provide specific areas of concern. (This could include any surface like login/registration page, any panel etc.

Click next

Provide additional details

Select the type of activities you want the researcher to get into while they are working on your program.
Select the type of environments your assets are running in, you can select multiple values if there are multiple assets
Select the technologies and frameworks used on these assets you selected before.

Rules of Engagement

Check yes if you want to collect all the IPs of the reporters in this program
Check yes if you want to allow multiple researchers to collaborate with one another while testing your program
Specify a custom user agent the hacker should include in their requests to your asset to track
Enter the max number of requests allowed per second
Specify a custom header the hacker should use to track their activities
Click next

Brand your program

Upload a program image
Select a colour for program banner
Fill out program name (this should be different from program username you entered before.
Write a program tagline for hackers to see when they view program
Mention the program website (Mention your main website)
Write a description for your program

Schedule your program Launch

Select when you want your program to go live from calendar
click next

Review your program

Check all the details you filled in all these steps and you can go back and edit any of these section if you click on the edit icon in their respective section
You can also go back to the respective section if you click on the left sidebar by clicking on the section you want to go back to.

Click on the Save and Continue Later button if you want to resume creating the program in another time.

You have successfully created your Bug Bounty program with BugBase 🎉

PreviousSubmit a Bug Report on BugBase NextDownload the mobile app

Last updated 1 year ago

Was this helpful?

Pre-requisites

Company Account on BugBase. You can

Create a Bug Bounty Program

Login to your BugBase account and visit Programs page from your company dashboard.
Click on the create new Program button.
Select the type of Bug Bounty program you want to create.

Private Bug Bounty is Exclusive for selected researchers.

Public Bug Bounty is will be open to entire BugBase bounty hunter community.

Enter username for the program you wish to create.
Define scope of your program

Click on Add an Asset button to create a new asset.

Defining scope in your program ( Create scope groups ).

Enter scope group name
Select the type of scope group label
select if the scope group should be in-scope or out of scope

In scope - bounty hunters are allowed to penetrate the scope group Out scope - bounty hunter are not allowed to penetrate the scope group

Select if swags are given along with bounty on successful report submission
Enter the bounty values provided based on report priority
Select multiple assets you wish to add to the scope group.

To create a new scope group click on the "Create New Scope Group" button

Click on the next button

Define participation guidelines:

Check yes if you want reports on issues outside the scope
Check yes if your program abide by conduct for good-faith security research
Check yes if you wish to give the opportunity to the hacker to request to make the reports public after resolution
Click next

Provide specific areas of concern. (This could include any surface like login/registration page, any panel etc.

Click next

Provide additional details

Select the type of activities you want the researcher to get into while they are working on your program.
Select the type of environments your assets are running in, you can select multiple values if there are multiple assets
Select the technologies and frameworks used on these assets you selected before.

Rules of Engagement

Check yes if you want to collect all the IPs of the reporters in this program
Check yes if you want to allow multiple researchers to collaborate with one another while testing your program
Specify a custom user agent the hacker should include in their requests to your asset to track
Enter the max number of requests allowed per second
Specify a custom header the hacker should use to track their activities
Click next

Brand your program

Upload a program image
Select a colour for program banner
Fill out program name (this should be different from program username you entered before.
Write a program tagline for hackers to see when they view program
Mention the program website (Mention your main website)
Write a description for your program

Schedule your program Launch

Select when you want your program to go live from calendar
click next

Review your program

Check all the details you filled in all these steps and you can go back and edit any of these section if you click on the edit icon in their respective section
You can also go back to the respective section if you click on the left sidebar by clicking on the section you want to go back to.

Click on the Save and Continue Later button if you want to resume creating the program in another time.

You have successfully created your Bug Bounty program with BugBase 🎉