SafeHats is an Extension to Your Existing Security Team.

The SafeHats Launchpad program gives enterprises a unified platform for easy management and deployment of their Enterprise Bug Bounty Programs

Tap into our vast network of trusted security researchers and verified hackers to extend your security system, and ultimately protect your customers’ interests better. Gain access to a comprehensive range of security skills, without having to scale up a team internally. All the benefits; none of the disadvantages. Pay only for the bugs that are original, genuine, and verified. Focus on your enterprise goals, and leave the security of your application to SafeHats.

Customize your Enterprise Security Program

Running an Enterprise bug bounty program for the first time?

Test the waters with a private program, and invite only the security researchers you want for penetration testing. On the other hand, a public program opens it up to our full network of hackers to submit bug reports, and is a great way to scale up your security operation.

Full-featured Enterprise Dashboard

Instant overviews of your programs, bugs reported, hackers, swag counts, and bounty amounts. Get deep insights at a touch, with data visualization and actionable tasks.

Detailed Researcher Profiles

A full list of available hackers, with detailed stats about their previous work. Cherry pick and invite to your private programs based on metrics: karma points, ranking, bug resolution history, and much more.

Dedicated Bug Report Page

Analyse your bug reports in one place with laser focus. Check out submitted bugs, and assess their criticality, current status, and submitter information.

WALK - RUN - FLY PROGRAMS

Extend your internal security teams with the best talent the web has to offer

Programme Features	Selective Program • On-demand solutions for specific release • Fixed scope programs • Invite-only security researchers	Managed Program • SafeHats manage program • Dedicated security advisor • Time-bound programs • Invite-only security researcher	Public Program • Set bounty amounts and swag • Access to the full pool of trusted and verified security researchers
ideal for	Enterprises looking to start with bug bounty programs. Get a feel for the way the process works, and incorporate it gradually into your existing system.	Enterprises which have strong and well-defined security goals, but not the time and personnel resources to manage their bug bounty programs in-house.	Enterprises with an agressive stance on security, who want bugs found and resolved ASAP.
Vulnerability Management
Security page	✔	✔	✔
ISO 2914 Compliance	✔	✔	✔
Bounty Management
Bounty Guidance	✔	✔	✔
Bounty Processing	✔	✔	✔
Researcher Engagement	✔	✔	✔
Managed Bounty Services	✔	✔
Program Management
Hacker Reputation	✔	✔	✔
Hacker Messaging	✔	✔
Hacker Invitation		✔
Triage Services		✔
Meditation Services	Limited	Unlimited

Learn More

SafeHats' Approach and Methodology

SafeHats follow OWASP Application Security and Verification Standards (ASVS) v3.0 to normalize the range in coverage, level of rigor, and reporting requirement for performing application security verification.

It defines 3 levels of Application level, 16 Verification Requirement, and 179 reporting requirements.

Application level includes:

Level 1 (Opportunistic) : It is meant for all softwares

Level 2 (Standard) : It is applicable for application that contains sensitive data and handles significant business to business transactions.

Level 3 (Advanced): It is applicable for most critical applications and may be found within areas of military, health and safety, critical infrastructure, etc.

Sl. No	Verification Requirements	Level 1 Opportunistic	Level 2 Standard	Level 3 Advanced
1	Architecture, Design and Threat Modelling	1	6	10
2	Authentication	17	24	26
3	Session Management	11	12	13
4	Access Control	7	11	12
5	Malicious Input Handling	10	20	21
6	Cryptography at Rest	2	7	10
7	Error Handling and Logging	1	7	12
8	Data Protection	4	8	11
9	Data Protection	7	8	13
10	HTTP Security Configuration	6	8	8
11	Malicious Controls	0	0	2
12	Business Logic	0	2	2
13	File and Resources	7	9	9
14	Mobile	6	9	11
15	Web Services	7	10	10
16	Configuration	1	5	9
	Total Test Cases	87	146	179

Steps to Successful Enterprise Bug Bounty Program /VRP with SafeHats

% SMBs have experienced some kind of cyber attacks

% Cyber Attacks Target Small Businesses

% SMBs that have experienced a data breach go out of business within 6 months

% Employees leave their computers unsecured

Watch the video

FAQs

How do I know which program to start with?

Programs has been designed for enterprises based on their level of security maturity. Early adopters are recommended to start with enterprise program. It is designed for enterprises who want to conduct penetration testing at fixed intervals. Security matured enterprises are recommended with private managed program.

SafeHats team will manage the entire program so that they could focus on bug fixing. Once the enterprise is confident of his security posture and want to expose its application to public to receive vulnerability reports that is difficult to exploit.

When is the right time to start bug bounty program for your enterprise?

Security is a continuous effort. With Safehats program, you can run continuous security testing of your applications. With pay per bug (PPB) model approach, it is extremely cost effective solution compared to traditional penetration testing.

What is the bounty amount and minimum budget that I need to set?

We will provide you guidance in setting the bounty amount and bounty budget. It is advisable to allocate budget for minimum six months to one year to see significant benefits and returns on your investment.

Can I hold or disable my program?

Yes it is possible to hold or disable program after the program runs for few months on case to case basis.

Do you know?

Cyber attackers target SMBs

70%

Cyber attackers target SMBs: 70%

SMBs affected by cyber attacks

50%

SMBs affected by cyber attacks: 50%

Affected SMBs getting out of business

60%

Affected SMBs getting out of business: 60%

Employees leaving their computer unsecured

75%

Employees leaving their computer unsecured: 75%

SafeHats Managed Enterprise Bug Bounty Program

Our acclaimed 'Managed Enterprise Bug Bounty Program' has been carefully calibrated to provide the best value for large enterprises. We become an extension of your security setup, by not only creating, deploying, and tracking bugs raised by researchers, but by using in-house expertise to adjust programs as required.

Enterprises Get Started

Researchers Enroll Now