SafeHats | Managed Bug Bounty Program

SafeHats is an Extension to Your Existing Security Team.

The SafeHats Launchpad program gives enterprises a unified platform for easy management and deployment of their Enterprise Bug Bounty Programs.

Tap into our vast network of trusted security researchers and verified hackers to extend your security system, and ultimately protect your customers’ interests better. Gain access to a comprehensive range of security skills, without having to scale up a team internally. All the benefits; none of the disadvantages. Pay only for the bugs that are original, genuine, and verified. Focus on your enterprise goals, and leave the security of your application to SafeHats.

SafeHats Bug Bounty Program

Customize your Enterprise Security Program

Running an Enterprise bug bounty program for the first time?

Test the waters with a private program, and invite only the security researchers you want for penetration testing. On the other hand, a public program opens it up to our full network of hackers to submit bug reports, and is a great way to scale up your security operation.

Full-featured Enterprise Dashboard

Instant overviews of your programs, bugs reported, hackers, swag counts, and bounty amounts. Get deep insights at a touch, with data visualization and actionable tasks.

Detailed Researcher Profiles

A full list of available hackers, with detailed stats about their previous work. Cherry-pick researchers and invite them to your private programs based on metrics: karma points, ranking, bug resolution history, and much more.

Dedicated Bug Report Page

Analyse your bug reports in one place with laser focus. Check out submitted bugs, and assess their criticality, current status, and submitter information.

WALK - RUN - FLY PROGRAMS

Extend your internal security teams with the best talent the web has to offer

Programme Features

Selective Program



• On-demand solutions for specific release
• Fixed scope programs
• Invite-only security researchers


Managed Program



• SafeHats-managed program
• Dedicated security advisor
• Time-bound programs
• Invite-only security researchers


Public Program



• Set bounty amounts and swag
• Access to the full pool of trusted and verified security researchers

Ideal for:

• Selective Program: Enterprises looking to start with bug bounty programs. Get a feel for the way the process works, and incorporate it gradually into your existing system.
• Managed Program: Enterprises which have strong and well-defined security goals, but not the time and personnel resources to manage their bug bounty programs in-house.
• Public Program: Enterprises with an aggressive stance on security, who want bugs found and resolved ASAP.

Vulnerability Management
Security page ✔ ✔ ✔
ISO 2914 Compliance ✔ ✔ ✔
Bounty Management
Bounty Guidance ✔ ✔ ✔
Bounty Processing ✔ ✔ ✔
Researcher Engagement ✔ ✔ ✔
Managed Bounty Services ✔ ✔
Program Management
Hacker Reputation ✔ ✔ ✔
Hacker Messaging ✔ ✔
Hacker Invitation ✔
Triage Services ✔
Mediation Services Limited Unlimited

SafeHats' Approach and Methodology

SafeHats follows the OWASP Application Security Verification Standard (ASVS) v3.0 to normalize the range in coverage, level of rigor, and reporting requirements for performing application security verification.

It defines 3 application levels, 16 verification requirements, and 179 reporting requirements.

The application levels are:

Level 1 (Opportunistic): Meant for all software.

Level 2 (Standard): Applicable to applications that contain sensitive data and handle significant business-to-business transactions.

Level 3 (Advanced): Applicable to the most critical applications, which may be found in areas such as military, health and safety, critical infrastructure, etc.

| Sl. No | Verification Requirements | Level 1 Opportunistic | Level 2 Standard | Level 3 Advanced |
|---|---|---|---|---|
| 1 | Architecture, Design and Threat Modelling | 1 | 6 | 10 |
| 2 | Authentication | 17 | 24 | 26 |
| 3 | Session Management | 11 | 12 | 13 |
| 4 | Access Control | 7 | 11 | 12 |
| 5 | Malicious Input Handling | 10 | 20 | 21 |
| 6 | Cryptography at Rest | 2 | 7 | 10 |
| 7 | Error Handling and Logging | 1 | 7 | 12 |
| 8 | Data Protection | 4 | 8 | 11 |
| 9 | Data Protection | 7 | 8 | 13 |
| 10 | HTTP Security Configuration | 6 | 8 | 8 |
| 11 | Malicious Controls | 0 | 0 | 2 |
| 12 | Business Logic | 0 | 2 | 2 |
| 13 | File and Resources | 7 | 9 | 9 |
| 14 | Mobile | 6 | 9 | 11 |
| 15 | Web Services | 7 | 10 | 10 |
| 16 | Configuration | 1 | 5 | 9 |
| | Total Test Cases | 87 | 146 | 179 |

Steps to Successful Enterprise Bug Bounty Program /VRP with SafeHats

FAQs

How do I know which program to start with?

Programs have been designed for enterprises based on their level of security maturity. Early adopters are recommended to start with the enterprise program, which is designed for enterprises that want to conduct penetration testing at fixed intervals. Security-mature enterprises are recommended the private managed program.

The SafeHats team will manage the entire program so that they can focus on bug fixing. Once the enterprise is confident of its security posture and wants to expose its application to the public to receive vulnerability reports that are difficult to exploit.

When is the right time to start bug bounty program for your enterprise?

Security is a continuous effort. With the SafeHats program, you can run continuous security testing of your applications. With its pay-per-bug (PPB) model, it is an extremely cost-effective solution compared to traditional penetration testing.

What is the bounty amount and minimum budget that I need to set?

We will provide you with guidance in setting the bounty amount and bounty budget. It is advisable to allocate a budget for a minimum of six months to one year to see significant benefits and returns on your investment.

Can I hold or disable my program?

Yes, it is possible to hold or disable a program after it has run for a few months, on a case-by-case basis.

Do you know?

Cyber attackers target SMBs: 70%
SMBs affected by cyber attacks: 50%
Affected SMBs getting out of business: 60%
Employees leaving their computer unsecured: 75%

SafeHats Managed Enterprise Bug Bounty Program

Our acclaimed 'Managed Enterprise Bug Bounty Program' has been carefully calibrated to provide the best value for large enterprises. We become an extension of your security setup, by not only creating, deploying, and tracking bugs raised by researchers, but by using in-house expertise to adjust programs as required.


SafeHats is an advanced managed bug bounty platform which connects you to a crowd of highly skilled, trusted and curated security researchers to identify vulnerabilities in your digital assets.

Copyright © 2020 InstaSafe. All Rights Reserved.