A secured application has additional value in the eyes of grateful users

What is Bug Bounty?

The classic Bug Bounty principle is payment for testing a web resource or application once significant vulnerabilities have been identified, ones that can have a significant impact on the security of the resource and its operation as a whole. A pentest conducted on the "bug bounty" principle does not involve formally verifying the developers' entire list of vulnerabilities and bugs against generally accepted methodologies; it involves actually detecting the 1-2 most significant bugs and informing the resource owner about them. Development companies often place their products in "bugbounty" programs on an ongoing basis, so that as many ethical hackers as possible apply their skills to comprehensively check the application or resource.


Resource owners

The security of any web resource gives it additional value in the eyes of customers (visitors, counterparties). By placing an order for testing of their web resource by the whitehats community, our customers get an additional competitive advantage, because the customer's confidence in the security of the resource and service speaks for itself! To place a resource in the testing list, contact us by filling out the feedback form at the bottom of the homepage. The BugBountyBy platform guarantees that information about possible vulnerabilities discovered by our community during testing will be transferred exclusively to the owner of the resource.



Currently, there are a large number of sites that host orders from various resources for ongoing security research. BugBountyBy is one of these young sites. With our help, you can legally try your hand at testing real web resources whose owners have joined the bugbounty program.


We invite interested creative guys to contribute to the development of the BugBountyBy Platform. If you have any questions about cooperation with us, write to bugbountyby@gmail.com. Yes, we know that a corporate mailbox looks cooler and more fashionable :) However, practice shows that the contents of Google accounts are sometimes protected more reliably and resiliently!


By becoming a registered member of this online platform, you get access to the order database and the intellectual resource of professional testers who specialize in finding vulnerabilities. This approach allows customers to secure their resources to the maximum extent possible and allows Executors to get legal compensation for detected security problems. Increase the security level of your web resources and developments together with us!


Cross-site scripting: checking the examined pages for proper input processing in order to prevent illegitimate scripts from being activated.


Brute force is brute force! A direct brute-force attack aimed at finding passwords to accounts.


BugBountyBy's professional team performs security checks of the examined web resources strictly according to relevant best practices.


Validation check for incoming queries (SQL, NoSQL, OS command, ORM, LDAP).


By far the most important test of a web application using the OWASP methodology (version 2021): the most typical and insidious vulnerabilities.


Verification involving attempts to intercept session data and spoof legitimate information in it.


  • 50+ active bughunters
  • 20+ active partners
  • 15+ full cycle pentests (compliance included)
  • 3 security tester teams


If you have any questions about the Platform, you can contact us using this form.