From the course: Launch a Bug Bounty Program
Set the scope for target products and services
- [Instructor] So far, we have learned that bug bounty programs can be a great way to harness the power of the cybersecurity community to find vulnerabilities in your organization's digital assets. However, when opening the doors to researchers, it is vital to maintain control over the testing process. This control can be achieved by carefully defining the scope of your bug bounty program. Let's start by emphasizing why it is essential to limit intrusive testing. Intrusive testing, also known as aggressive or unrestricted testing, can potentially disrupt your production environment. The last thing you want is for well-intentioned researchers to accidentally bring down your systems or services while searching for vulnerabilities. To avoid disruption, it is important to define which use cases and types of testing are strictly forbidden. Some examples that should be out of scope are exfiltration of customer data, using social engineering or phishing attacks, or causing denial of service…