
An EASM blog from Detectify

Detectify launches a crowd-based security program to ensure an always updated service

November 10, 2016

We have strengthened our security team with a crowdsourced bug bounty program (currently in beta phase). The initiative, known as Detectify Crowdsource, allows us to bring in independent security researchers from all over the world. They will help us ensure that Detectify remains the most up-to-date and thorough security service for web applications.

“I’m confident that the only way to keep up with elevated security threats is to bring in the best ethical hackers in the world. Black hats move fast, so we need to move even faster. By inviting some of the world’s top security researchers to our platform we will combine automation with crowdsourcing for the first time”, says Rickard Carlsson, CEO of Detectify.

How does Detectify Crowdsource work?

The security researchers submit their findings to Detectify’s security team, who evaluate their Proofs of Concept before adding them to the service, ensuring only high-quality issues are implemented. The researchers will receive payouts based on the number of unique hits for their submission. The more critical the vulnerability is, the higher the payout level will be. The monetary rewards are processed through Bugcrowd, one of the most well-established marketplaces for bug bounty programs. The program is still in beta phase and we are currently improving functionality and inviting researchers.

“As organizations of all sizes face a growing number of cyber security threats it’s no surprise that more and more are turning to the power of the crowd to stay ahead of their adversaries,” said Casey Ellis, CEO, Bugcrowd. “Bug bounty programs have become a critical component of a comprehensive security strategy. Detectify’s adoption of this model is further proof of this, and we’re pleased to be able to facilitate that adoption.”

An extension of our top-ranked security team

Our Stockholm-based team already includes several prominent bug bounty hunters such as Frans Rosén. He is a top-ranked participant in bug bounty programs, receiving the highest bounty payout ever on HackerOne. He agrees with Carlsson that crowdsourcing is the way to go forward in an ever-changing security landscape:

“The best security researchers will never take a regular 9-5 job at your company, but they are more than willing to contribute with the latest security issues, keeping our service up-to-date and earning money at the same time. It is a win-win situation”, says Frans Rosén, who is well acquainted with the community of security researchers.

Carefully selected researchers

Detectify was founded by the world’s leading white hat hackers in 2013 and we are working hard on maintaining the same quality. Detectify Crowdsource will therefore grow slowly and we will distribute invitations as we are ready to add new researchers. One of the security researchers who has joined the initiative says:

Detectify Crowdsource is a hybrid between traditional bug bounty programs and automated vulnerability scanners. Researchers can follow the amount of hits on their submitted module, which works as a stimulant. From a client perspective I’d say that the Crowdsource program is of value, making Detectify a scanning service backed by the “crowd”.

[VIDEO] Learn more about Detectify Crowdsource from our CEO Rickard Carlsson and Co-Founder Fredrik Nordberg Almroth.

Interested in joining Detectify Crowdsource or have any questions about the initiative? Drop us an email: hello [at]