
June 2019

Scopes’ Security Requirements

Bug Bounty Managers can specify the security requirement of a scope by selecting one of three levels. This lets hunters know that reward grids may vary according to the security requirement of each scope.

For instance, a scope involving single sign-on (SSO) should be specified as +++.

Please note that, in any case, the amount of rewards is still defined by each Bug Bounty Manager.

Finally, the rendering of the different reward grids:

May 2019

Hunting Requirements

We provide a better understanding of hunters’ requirements regarding the rules of a program:

April 2019

Wallet Threshold

By configuring the Wallet Threshold in your Business Unit section, you will be able to trigger an alarm if your wallet reaches the configured amount.

Qualifying bug reports through CWE tagging and remediation resources

When submitting a bug report, you can select the right CWE ID from a menu to better qualify your findings. Once done, the client will receive not only the CWE ID resource but also a link to a remediation guide.

Enhanced granularity & ACL

Once again, we have improved granularity in member management. More detailed ACL management enables you to tailor the level of responsibility you confer on your staff. According to your staff’s various skills, you can invite members from your business unit, security team and accounting department. The number of members is still unlimited.

March 2019

New features for quicker and improved Bug Reporting!

Our Dev Team released two new features to help you save time and improve quality while reporting vulnerabilities.

As shown below, you can now access a new menu entry called My Yes We Hack. This section provides a template manager holding up to five templates. In our experience, five templates should be sufficient and useful for a majority of bug hunters. In this section, which is based on Markdown, you can add or edit your templates.

Now, let’s see a second useful feature to better illustrate and/or document your reports.

While reporting, you can now insert images or link to previously uploaded images by mentioning their ID, as shown below:

Now click Preview and you will see the results :) Furthermore, our team thought it was relevant to provide syntax highlighting. Through the example below, you will see how to insert code from Burp Suite, which is rather cool and handy. Then, check the preview instantly :)

Syntax highlighting is available for the following list:

Happy Bug Hunting & Happy Reporting!

February 2019

Enabling Your Public Profile as a hunter

If you want to enable your public profile like Kalin, please tick the box as depicted below:

Click Edit

Then tick the box Public

You can also add

And last but not least, Update your profile

You’re done! Your profile should be as awesome as this one:

January 2019

New report workflow

We have reviewed the workflow for qualifying bug reports. It is said that a picture speaks a thousand words so please take a look below:

December 2018

New program structure

We have reviewed the structure of the programs by adding several fields.

VPN

Two-factor authentication (TOTP)

We have integrated two-factor authentication to increase the security level of your YesWeHack account.

New report structure

The details of the bug reports have also been reviewed, providing more clarity to the program manager. The ergonomics of the tools used for qualifying reports have also been redesigned to offer you greater efficiency. These new program/report structures, combined with the provision of a public API, allow vulnerability reports to be put to optimal use (DevSecOps).

New dashboard

The new dashboard offers you all the statistics related to the reported bugs (severity, status, classification, etc.) as well as the amount of rewards paid.

API

We provide an API so that you can develop or connect your own tools.

Members at all levels

We have improved granularity in member management. You can invite members to your business unit, but also to your programs and reports. The number of members is unlimited.

Profile page

Each hunter now has a profile page through which all his activity within the platform is highlighted including his ranking. This allows YesWeHack’s client companies to select the hunters and to invite them into their programs based on their impact score or activities.

New programs display

The display of a program’s details has been completely redesigned to provide a better user experience. In addition to the traditional information related to a Bug Bounty program, we improved, in a very visual way, the presentation of the current activity on the program (number of reports, thanks, etc.) as well as the reward bracket that the security expert can expect.

New billing process

We have completely reviewed the billing process. This enables you to comply with the requirements of the tax authorities.

Program versioning

It is not always easy for the hunter to follow the evolution of a bug bounty program over time. That’s why we implemented a versioning feature on the program display.