{"id":16621,"date":"2024-05-29T18:09:45","date_gmt":"2024-05-29T16:09:45","guid":{"rendered":"https:\/\/immune.institute\/?p=16621"},"modified":"2025-10-07T11:32:51","modified_gmt":"2025-10-07T09:32:51","slug":"bug-bounty-hacking-etico-sin-contrato","status":"publish","type":"post","link":"https:\/\/immune.institute\/en\/blog\/bug-bounty-hacking-etico-sin-contrato\/","title":{"rendered":"Bug Bounty: ethical hacking without a contract"},"content":{"rendered":"

The ethical hacking<\/strong>also known as pentesting<\/em>is a process of security assessment <\/strong>of a company through a professional. It is carried out by means of an agreement between both parties detailing the procedures to be carried out and the permissions granted to the ethical hacker to access data and systems.<\/p>\n\n\n\n

What is the bug bounty<\/em>?<\/strong><\/h2>\n\n\n\n

In a technological world, for a cybercriminal to find a loophole to access a company's files can translate into huge losses. To close these loopholes security loopholes<\/strong>ethical hacking is often used, and this is where the bug bounty,<\/em> or bounty hunting, for finding flaws in cyber defences. It is a programme offered by some companies and organisations to incentivise researchers to finding and reporting vulnerabilities<\/strong> in their networks, systems and applications. The main objective is to identify and correct existing security problems before they can be exploited by cybercriminals. Researchers who discover bugs can receive financial incentives or other rewards, such as being featured in a hall of fame on company websites.<\/p>\n\n\n\n

How does the bug bounty<\/em> the ethical hacker?<\/strong><\/h2>\n\n\n\n

For a ethical hacker<\/a>the bug bounty <\/em>is a crucial opportunity to demonstrate your skills, especially if you have no formal experience in the sector. The programmes are competitive and open-ended in nature, allowing participants to show their capabilities<\/strong> in relation to other competitors. Being able to show results and procedures performed is a fundamental component for a professional of this style. The accumulated experience <\/strong>through the bug bounty<\/em> can make a significant difference to a cyber security professional's CV.<\/p>\n\n\n\n

Why would a company consider doing bug bounty<\/em>?<\/strong><\/h2>\n\n\n\n

Companies are considering implementing these programmes because they allow them to identify and address vulnerabilities<\/strong> more efficiently and cost-effectively than more traditional audit methods. The mobilisation of diverse and specialised talent facilitates the discovery of problems undetected by internal teams within the organisation. In addition, companies' reputations are enhanced by demonstrating how committed they are to security and transparency.<\/p>\n\n\n\n

Advantages of the bug bounty<\/em> versus traditional reporting<\/strong><\/h2>\n\n\n\n

The platforms of bug bounty <\/em>offer some significant advantages over the manual management of a vulnerability report:<\/p>\n\n\n\n