What information is required to join a bug bounty campaign?

To join a bug bounty campaign with Cyberbay, we require the following information and steps to ensure the security and legitimacy of the campaign:

Asset Scope

You need to provide a detailed scope of the assets you want to be included in the bug bounty campaign. This includes specifying which systems, applications, or networks are to be tested. Clear and precise definitions of the scope help in focusing the efforts of the bounty hunters and avoiding unintended disruptions.

Ownership Verification

To verify ownership of the assets included in the bug bounty campaign, you will need to complete the following steps:

1. DNS Record: Add a specific record to the DNS settings of your domain. This record is provided by Cyberbay and proves that you control the domain.
   
   
2. Security.txt File: Place a security.txt file in the /.well-known/ directory of your web server. This file contains information about your security policies and contact information. Cyberbay will provide specific content for the file to verify ownership.
   
   
3. One-Time Password (OTP): Use an OTP sent to a registered contact point associated with your asset. Enter this OTP on the Cyberbay platform to confirm your ownership.
   

Steps to Join a Bug Bounty Campaign

1. Submit Asset Scope: Provide a comprehensive list of assets to be included in the campaign. Specify details such as domain names, IP addresses, application URLs, or any other relevant information that defines the boundaries of the testing.
   
   
2. Verify Ownership: Choose one of the following methods to verify ownership of the assets:
   
   
   • DNS TXT Record: Add the specific TXT record provided by Cyberbay to your domain’s DNS settings.
     
     
   • OTP Verification: Receive a one-time password on your registered contact point and enter it on the Cyberbay platform to confirm ownership.

3. Approval and Setup: Once ownership is verified, Cyberbay will review the submitted information. Upon approval, we will set up your bug bounty campaign according to the specified scope and parameters.
   

4. Launch Campaign: After the setup is complete, the bug bounty campaign will be launched. Our vetted pool of bounty hunters will begin testing your assets within the defined scope and timeframe.