How can we avoid any service impact (including performance degradation or slow response) to customers during a campaign? Should we use a UAT environment instead?

Cyberbay employs several strategies to avoid service impact on customers, such as performance degradation or slow response times, during a bug bounty campaign:

Non-Intrusive Actions

The methods used by Cyberbay’s bounty hunters are designed to be non-intrusive. The primary goal is to identify vulnerabilities without disrupting the normal functioning of your systems. Our hunters use standard penetration testing techniques that are well-documented and controlled.

System Impact

While any testing activity can have some level of impact, Cyberbay’s approach is structured to minimize this. By defining a clear scope and maintaining constant monitoring, we ensure that the impact on your system is as low as possible. Potential risks are mitigated by our ability to quickly terminate any suspicious activity.

Continuous Monitoring and Logging

Bounty hunters connect to your assets through Cyberbay’s secure Lighthouse VPN. This provides transparency and control, and you define the scope and duration of the testing. Our continuous monitoring and logging help prevent and address any suspicious actions, keeping the bug-hunting process as non-intrusive and safe as possible.

Using a UAT Environment

To further minimize any risk of impacting your production environment, it is highly recommended to use a User Acceptance Testing (UAT) environment for the bug bounty campaign. Here’s why:

  1. Isolation from Production: A UAT environment is isolated from your production environment, ensuring that any testing activities do not affect your live services and customers.
  2. Replicating Real Conditions: A well-configured UAT environment can closely replicate your production setup, allowing bounty hunters to find genuine vulnerabilities without the risk of causing downtime or performance issues.
  3. Controlled Testing: Using a UAT environment allows for controlled and safe testing. If any issues arise, they can be addressed without impacting your actual users.
