What is RedStorm Crowdsourcing Cybersecurity Platform - Web & App Bug Bounty?
Before an app is released it must be rigorously tested to ensure that it is safe and does not leave attackers any backdoor through which to compromise data. However, searching for bugs and checking for security vulnerabilities is a tough and time-consuming task for developers, and it is often difficult for them to hunt for bugs and vulnerabilities with the same ingenuity as a group of white hat hackers.
As a straightforward solution to these issues, the Crowdsourcing Cybersecurity Platform lets developers publish their applications to a global community of researchers, or white hat hackers, who help identify bugs and vulnerabilities. The platform provides you with a new way to crowdsource hackers and InfoSec experts to pinpoint vulnerabilities in IT systems by actually inviting them to attack - and you can then reward those who responsibly disclose the vulnerabilities they find.
With the system, you determine the target scope of what needs to be tested, for example the front page of a web application or a mobile application. When researchers find a security vulnerability, their submissions are triaged and prioritized to determine their validity and risk level. You then give monetary (or other) rewards to the researchers who reported valid security issues. Afterward, you fix the reported vulnerabilities immediately and verify that the relevant attack vectors have been properly secured.
There are 2 ways that you can utilize the system:
- Subscription
A subscription runs for a medium to long term and is the ideal way to use the system, since your targets are continuously monitored for vulnerabilities. The reward fund is not capped and can be topped up as it runs low while the subscription program is still running.
- Fixed Short Term
A Fixed Short Term program is ideal for a one-time event and lasts a relatively short period (a couple of weeks). There are 2 types of Fixed Short Term program: Contest and Standard. In the Contest program, researchers compete to find bugs and vulnerabilities within a set time (1 or 2 weeks); at the end of the period, winners are announced and rewarded. The Standard program is similar to a subscription but is limited to the agreed total fund, and ends once the fund's balance runs out.
What will you get by purchasing the service?
A Huge Crowd of Testers
With more testers, there is more of a chance to explore every vulnerability, go down every rabbit hole, and check every nook and cranny of the target.
Access to Diverse Skill Sets and Expertise
Since so many testers come from so many different fields, the testing scenarios and vulnerability checks tend to be very diverse and sophisticated as well.
Pay for Results, not Efforts
Bug bounty hunters are paid on a results basis. This is why the bugs they find are usually of much higher quality, i.e., the kind of bugs that most skilled attackers would actually exploit.
Continuous Testing
Each time you make a change or add new functionality, it is evaluated without you having to sign up for, or wait for, your next penetration test. This gives you a constantly up-to-date understanding of your risk.
Here are the detailed features of the service:
01. Programs Development Consultation
We assist in drafting the program and consult with you, as the program owner, on which application or network targets will be tested and on the reward amounts.
02. Inviting Researchers
Researchers and InfoSec experts are then invited to participate in the program. The profile and number of researchers are determined jointly with you as the program owner.
03. Validating and Assessing Risk Level and Security Vulnerability Reports
Our analysts verify each received report by testing it and ask for further clarification if needed. If a report is valid, a risk level assessment is conducted according to international cybersecurity standards.
04. Notifying and Reminding the Program Owner of Crucial Findings
If a report needs immediate attention and follow-up because of its significant risk, our analysts notify the program owner and provide consultation if needed.
05. Giving Rewards to Researchers
Acting on your behalf as the program owner, we give rewards to researchers according to the risk level of their findings.
06. Conducting Confirmation Tests to Ensure Problems Are Solved
Our analysts also test each fix made by the program owner to confirm that it resolves the previously reported problem. If needed, the researcher who found the bug can be asked to perform a voluntary re-test.