What is it?
Our Bug Hunting service offering will pit your external targets against our skilled team of experienced penetration testers, who will seek to identify and report serious weaknesses and exposures. Efforts are focussed on discovering high-impact attack chains that could have serious consequences if left unresolved.
Manual discovery of content, services and applications
Targeted reconnaissance and attack surface mapping
Exploiting recent vulnerabilities
Scanning for weaknesses not yet covered by the core scanning engine, e.g. based on the latest security research
Enumeration of user accounts and weak passwords on the perimeter
Is it like a penetration test?
There are a few differences between Bug Hunting and a Manual Penetration Test:
It's not as structured as a standard penetration test 👉 It's delivered in a similar style to Bug Bounty, but run by Intruder's qualified team
It's widely scoped, and typically includes all systems in your account, including production systems 👉 The team take careful steps to reduce the risks associated with testing production systems
It's not an exhaustive test of the systems in scope 👉 Focusing the testing and prioritising targets is encouraged, so that Intruder’s efforts can be directed, e.g. toward a particular area such as a recently changed API
From what perspective is the test?
It's completely up to the user – whatever they feel will assist Intruder’s team in discovering weaknesses.
Testing without credentials means it's performed from the perspective of an internet-based attacker, which could be anyone
Testing with credentials will expose what would be available to an attacker with inside information or access to privileged information (such as change notes or source code)
Intruder's bug hunting team will send out advisories for security issues discovered throughout the process. If no issues are found, they'll follow up with an email to assure you of this.
Bug hunting is a bolt-on service available to Premium and Vanguard users and is sold and booked by the day.