📑Create a Bug Bounty Program on BugBase

Learn how to create and setup a Bug Bounty Program on BugBase

Pre-requisites

Create a Bug Bounty Program

  1. Login to your BugBase account and visit Programs page from your company dashboard.

  2. Click on the create new Program button.

  3. Select the type of Bug Bounty program you want to create.

Private Bug Bounty is Exclusive for selected researchers.

Public Bug Bounty is will be open to entire BugBase bounty hunter community.

  1. Enter username for the program you wish to create.

  2. Define scope of your program

Click on Add an Asset button to create a new asset.

Defining scope in your program ( Create scope groups ).

  • Enter scope group name

  • Select the type of scope group label

  • select if the scope group should be in-scope or out of scope

In scope - bounty hunters are allowed to penetrate the scope group Out scope - bounty hunter are not allowed to penetrate the scope group

  • Select if swags are given along with bounty on successful report submission

  • Enter the bounty values provided based on report priority

  • Select multiple assets you wish to add to the scope group.

To create a new scope group click on the "Create New Scope Group" button

  • Click on the next button

  1. Define participation guidelines:

  • Check yes if you want reports on issues outside the scope

  • Check yes if your program abide by conduct for good-faith security research

  • Check yes if you wish to give the opportunity to the hacker to request to make the reports public after resolution

  • Click next

  1. Provide specific areas of concern. (This could include any surface like login/registration page, any panel etc.

  • Click next

  1. Provide additional details

  • Select the type of activities you want the researcher to get into while they are working on your program.

  • Select the type of environments your assets are running in, you can select multiple values if there are multiple assets

  • Select the technologies and frameworks used on these assets you selected before.

Rules of Engagement

  • Check yes if you want to collect all the IPs of the reporters in this program

  • Check yes if you want to allow multiple researchers to collaborate with one another while testing your program

  • Specify a custom user agent the hacker should include in their requests to your asset to track

  • Enter the max number of requests allowed per second

  • Specify a custom header the hacker should use to track their activities

  • Click next

  1. Brand your program

  • Upload a program image

  • Select a colour for program banner

  • Fill out program name (this should be different from program username you entered before.

  • Write a program tagline for hackers to see when they view program

  • Mention the program website (Mention your main website)

  • Write a description for your program

  1. Schedule your program Launch

  • Select when you want your program to go live from calendar

  • click next

  1. Review your program

  • Check all the details you filled in all these steps and you can go back and edit any of these section if you click on the edit icon in their respective section

  • You can also go back to the respective section if you click on the left sidebar by clicking on the section you want to go back to.

Click on the Save and Continue Later button if you want to resume creating the program in another time.

You have successfully created your Bug Bounty program with BugBase 🎉

PreviousSubmit a Bug Report on BugBaseNextDownload the mobile app

Last updated