Bug hunting is a bolt-on service available to Premium and Vanguard users.
What is it?
Our Bug Hunting service offering will pit your external targets against our skilled team of experienced penetration testers, who will seek to identify and report serious weaknesses and exposures. Efforts are focused on the discovery of high impact attack chains that could have significant impact if left unresolved.
What's included?
Manual discovery of content, services, applications.
Targeted reconnaissance and attack surface mapping
Exploiting recent vulnerabilities
Scanning for weaknesses not yet covered by the core scanning engine, e.g. based off the latest security research
Enumeration of user accounts and weak passwords on the perimeter
From what perspective is the test?
It's completely up to the user – whatever you feel will assist Intruder’s team in discovering weaknesses.
Testing without credentials, means its performed from the perspective of an internet-based attacker, which could be anyone
Testing with credentials, will expose what would be available to an attacker with inside information or access to privileged information (such as change notes or source code).
Reporting
When the team have uncovered a vulnerability, you'll be notified via the Issues page of your portal, under Advisories.
Clicking on the issue, will open a drawer on the right hand side, where you can view the description and recommended remediation advice.
Clicking on 'See evidence
' will move the contents of the drawer up, so you can review the evidence submitted by the security team.
Retesting
Clicking on the Retest
button will send a request to the security team, who will review the target to check whether it's still vulnerable - if it is, the issue will remain there.
If your remediation efforts were a success and your target is no longer vulnerable, you'll see it move to the top of the 'Fixed' tab, under advisories.
Is it like a penetration test?
There are a few differences between Bug Hunting and a Manual Penetration Test:
It's not as structured as a standard penetration test 👉 It's delivered in a similar style to Bug Bounty, but run by Intruder's qualified team
It's widely scoped, and typically includes all systems in your account, including production systems 👉 The team take careful steps to reduce the risks associated with testing production systems
It's not an exhaustive test of the systems in scope 👉 Testing focus and prioritisation of targets is encouraged, so Intruder’s efforts can be directed. eg. focus could be directed toward a particular area, such as a recently changed API