The BI.ZONE Bug Bounty platform connects companies and bug hunters
The platform gives organizations a clear picture of how secure their IT assets are while independent researchers earn rewards for discovering vulnerabilities
Rank retention
Save your points scored on international platforms and hone your skills to boost your ranking and reputation. The better you perform, the more chances you have to join private BI.ZONE Bug Bounty programs!
BI.ZONE assistance during uncertain situations
If there is a dispute with a company, feel free to contact us at bb@bi.zone or in Telegram @BizoneBugBountySupport. We'll do our best to smooth things over
Knowledge base
Study open reports of other bug hunters to boost your skills
Space for sharing experience
Come to our private meetups, make yourself at home, and learn new things, take part in contests and other community activities
Easy payouts
Get rewards as an independent researcher, self-employed person or sole proprietor, and transfer money to a card or account in 30 hours
Transparent communications
Keep track of your reports by checking statuses and comments in your personal account. Also, use the bot BI.ZONE Bug Bounty Notifications
Convenient reporting
Use Markdown to describe the vulnerabilities you find clearly and beautifully. And there are ready-made templates at your disposal - they will save you time
Programs on the platform
Publications
Self-employed bug hunter: maximum payouts, minimum paperwork
The BI.ZONE Bug Bounty platform lets bug hunters legally search for vulnerabilities in companies and get rewarded for it. Each company sets the reward amount individually, depending on the severity of the vulnerability and its impact; we cannot influence that. But when developing our platform, we tried to take the researcher's interests into account and make the payout process as beneficial and convenient as possible
A month of hardcore bug hunting: launching BUGS ZONE!
Introducing BUGS ZONE. It is two weeks of hardcore bug hunting and a private meetup in Moscow with a limited number of seats.
Submit bugs on our platform, make it to the top, and see you at the meetup on April 12 :)
We have seen cases where a bug is defined as any error on a website: a button that didn't work or a misplaced comma. But within the bug bounty framework, we are talking strictly about cybersecurity vulnerabilities. For example, these are errors that lead to remote code execution on API nodes. For more information on where to look for such bugs and what else they can be, see the detailed description of each program, freely available on the platform: https://bugbounty.bi.zone/companies
I found critical vulnerabilities, but they're not included in the scope. Can I get a payout for them?
It's awesome that you were able to find vulnerabilities that impact a company's cybersecurity! But keep in mind that submitting bugs outside of the given scope could be a thankless task. The company may not be able to pay for such reports because they did not budget for it. Your time and effort will have been spent in vain.
What to do if a company refuses to pay for a discovered vulnerability?
In conflict situations, it is better to present arguments rather than appeal to emotions. You may suggest revising the size of the award. In any case, do not be afraid to contact our support specialists with independent expertise in the field of information security. We will help you sort things out because one of the goals of the BI.ZONE Bug Bounty platform is to build beneficial cooperation for everyone. Hence, we strive to mediate difficult situations.
Is bug bounty even legal?
We often get this question from researchers. If the bug hunter acts as stipulated in the program, then everything is legal. But hacking into a company's infrastructure using DDoS attacks or social engineering methods is forbidden in the vast majority of cases, and the terms and conditions say so.
In what format should I submit the report to guarantee a payout?
Our developers thought of all the tools you need to generate the perfect report. Use Markdown to make the vulnerabilities you found look clear and appealing. You can also use ready-made templates to save time. Be sure to send all proof of work along with the report: a screenshot, PoC video, script or Burp file that will help the company verify the vulnerability. All this will show that you actually exploited the vulnerability, and you did it as a white hat. The more evidence you have, the more likely you are to earn a reward. Alas, the vendor does not pay for theoretical exploitation, so aim to present practical evidence.
Is it only individual persons who can bug hunt on the platform?
No. There are three tax statuses to choose from. You can enter into a civil law contract with us as an individual. But it is more advantageous to be self-employed or an individual entrepreneur.
What is the difference between being self-employed or an individual entrepreneur?
Individual entrepreneurs undergo state registration, choose a taxation system, and pay insurance premiums.
Self-employment is simpler. It is suitable for those who already have a regular job, and bug hunting is their spare time activity. It has significant advantages:
· Quick and easy registration with konsol.pro takes only 10 minutes. A detailed description of the process can be found on the platform's blog.
· An ordinary bank account is suitable for receiving payments, no special current account is needed.
· The tax payment process is automated thanks to the integration with konsol.pro.
How do I change my tax status?
If you initially registered with konsol.pro as an individual and later decide to claim rewards under a different status, you do not need to delete the account. You do not need to write an additional application to change your tax status either. All you need is to contact our support. In an email to bb@bi.zone or a message in Telegram @BizoneBugBountySupport, specify your full name and describe the situation. We will help.
Bug found. What do I do next?
The general process for bug bounty on our platform looks as follows:
1. You find a bug and send a report to the company through the platform.
2. The company confirms the bug and sets a reward depending on its criticality.
3. When you receive a notification that the company is ready to pay you the bounty, you register in konsol.pro and specify your account details. You can do this through the profile settings on the platform or via the link.
4. After the payment provider verifies you, you sign a contract with BI.ZONE Bug Bounty via konsol.pro, as well as a statement of the work conducted.
5. The payment is in your account (usually within 30 hours). This and other information will come via push notifications.
I cannot find the answer to my question here. Who should I ask?
We did our best to cover all issues in these recommendations, but if you haven't found what you were looking for, write to our support at bb@bi.zone or Telegram @BizoneBugBountySupport.