BugBase Documentation
  • 👋Welcome to BugBase Docs
  • Overview
    • 💡What we do
    • ⚡Changelogs
    • ✨Our Features
    • 📂Programs at BugBase
      • Vulnerability Disclosure Program (VDP)
      • Bug Bounty Program
      • Private Bounty Program
      • Pentest Program (VAPT)
  • Report Lifecycle
    • Bug Report
    • Report Status
  • How To
    • 👨‍💻Invite Organization Members to BugBase (RBAC)
    • 🚩Setup a Campaign for better program engagement
    • 🐛Submit a Bug Report on BugBase
    • 📑Create a Bug Bounty Program on BugBase
    • ⬇️Download the mobile app
  • Company Guide
    • 👨‍💼Create a Company Account
    • 🧭Navigation
    • 🛡️Assets Dashboard
    • 🗝️Credential Vaults
      • Creating a Credential Vault
      • Adding Credentials to Vault
      • Connect Credential Vault to an Asset
      • Require Whitelisting for a Credential
    • 🔐VPN Servers
      • Create, Configure and Deploy VPN server
      • Monitor Live Statistics and Logs
    • 🗂️Programs Dashboard
      • ⛳Create a Program
    • 📢Customer Support
    • 💵Bounty Bin
    • ⚙️Company Settings
      • 👨‍🏫Profile
      • 🏢Organisation
      • 👨‍🏭Roles and Permissions
      • 🔐Security & Authentication
        • Multi-Factor Authentication
        • SSO with SAML
          • Okta SSO setup via SAML
          • Google SSO setup via SAML
      • 🎨Customization
        • Automations
        • Report Tags
      • 📙Manage Access
    • 📈Insights Dashboard
    • 🔊Campaigns
    • 💲Understanding Currencies Used in BugBase
    • 🤝Whitelist
  • Program guide
    • Bug Bounty Dashboard
      • Program Reports Section
        • Report Components
        • Report Actions
        • Duplicating Reports
        • Assigning Swags
        • Assigning Bounties
        • Assigning Thanks to Reporters
        • Assigning Bonus Bounty
        • Automatic Response Generator using ChatGPT
      • Program Policy
        • Editing Program Policy
          • Best Practices For Designing Policy
          • Best Practices For Bounty Tables
      • Payouts
      • Settings
    • Private Bug Bounty Dashboard
      • Invite Hackers
      • Manage Credentials
    • VDP Dashboard
    • Pentest Dashboard
      • Pentest Overview
      • Vulnerabilities Section
        • Pentest Report Components
        • Pentest Report Actions
      • Global Pentest Chat
    • Competition Dashboard
      • Dashboard
      • Creating a Competition
        • Adding Challenges
      • Manage Competitions
        • Statistics
        • Leaderboard
        • Manage Users
  • Bounty Hunter Guide
    • Bounty Hunter Dashboard
    • Bounty Hunter Profile
    • Programs Directory
      • Program Policy Page
      • Credentials
      • VPN Access
      • Whitelist
      • Collaborate
    • Bounty Hunter Reports Section
      • Submitting Reports
      • Interaction with Program Representees
      • Collaboration
      • Response Generation through ChatGPT on Report Chat
    • Competitions
    • Discord Community
    • Leaderboard
    • Multi-Factor Authentication
    • Settings
      • Verify KYC
    • Email Alias
    • 🚀Apollo Community
  • Integrations
    • 🔗Supported Integrations
    • Webhooks
    • JIRA
      • Creating a JIRA Issue
    • Slack
      • Managing Integration
    • Microsoft Teams
    • Github
    • Asana
    • Sumo Logic
    • PagerDuty
  • on-premise
    • Running Automated Testing
    • Sandbox Environment
Powered by GitBook
On this page
  • Pre-requisites
  • Create a Bug Bounty Program

Was this helpful?

  1. How To

Create a Bug Bounty Program on BugBase

Learn how to create and setup a Bug Bounty Program on BugBase

PreviousSubmit a Bug Report on BugBaseNextDownload the mobile app

Last updated 1 year ago

Was this helpful?

Pre-requisites

  • Company Account on BugBase. You can

Create a Bug Bounty Program

  1. Login to your BugBase account and visit Programs page from your company dashboard.

  2. Click on the create new Program button.

  3. Select the type of Bug Bounty program you want to create.

Private Bug Bounty is Exclusive for selected researchers.

Public Bug Bounty is will be open to entire BugBase bounty hunter community.

  1. Enter username for the program you wish to create.

  2. Define scope of your program

Click on Add an Asset button to create a new asset.

Defining scope in your program ( Create scope groups ).

  • Enter scope group name

  • Select the type of scope group label

  • select if the scope group should be in-scope or out of scope

In scope - bounty hunters are allowed to penetrate the scope group Out scope - bounty hunter are not allowed to penetrate the scope group

  • Select if swags are given along with bounty on successful report submission

  • Enter the bounty values provided based on report priority

  • Select multiple assets you wish to add to the scope group.

To create a new scope group click on the "Create New Scope Group" button

  • Click on the next button

  1. Define participation guidelines:

  • Check yes if you want reports on issues outside the scope

  • Check yes if your program abide by conduct for good-faith security research

  • Check yes if you wish to give the opportunity to the hacker to request to make the reports public after resolution

  • Click next

  1. Provide specific areas of concern. (This could include any surface like login/registration page, any panel etc.

  • Click next

  1. Provide additional details

  • Select the type of activities you want the researcher to get into while they are working on your program.

  • Select the type of environments your assets are running in, you can select multiple values if there are multiple assets

  • Select the technologies and frameworks used on these assets you selected before.

Rules of Engagement

  • Check yes if you want to collect all the IPs of the reporters in this program

  • Check yes if you want to allow multiple researchers to collaborate with one another while testing your program

  • Specify a custom user agent the hacker should include in their requests to your asset to track

  • Enter the max number of requests allowed per second

  • Specify a custom header the hacker should use to track their activities

  • Click next

  1. Brand your program

  • Upload a program image

  • Select a colour for program banner

  • Fill out program name (this should be different from program username you entered before.

  • Write a program tagline for hackers to see when they view program

  • Mention the program website (Mention your main website)

  • Write a description for your program

  1. Schedule your program Launch

  • Select when you want your program to go live from calendar

  • click next

  1. Review your program

  • Check all the details you filled in all these steps and you can go back and edit any of these section if you click on the edit icon in their respective section

  • You can also go back to the respective section if you click on the left sidebar by clicking on the section you want to go back to.

Click on the Save and Continue Later button if you want to resume creating the program in another time.

You have successfully created your Bug Bounty program with BugBase 🎉

📑
Register here!