- Adding Targets at Program-level and Defining Rewards for Targets
- Adding Target Groups
- Adding Targets to Target Group
- Editing Targets in Target Group
- Deleting Targets in Target Group
- Reordering Targets in Target Group
- Removing Target Group
Adding Targets at Program-level and Defining Rewards for Targets
At a program-level, you must first create a target group and then add targets to that group.
You can add one or more
in scope target groups and define your program’s reward structure (if a paid engagement) for each group.
Out of Scope Target Group: Make sure to define targets that may be mistaken as part of the engagement within an Out of Scope target group. The more robust and clear the better to avoid any miscommunication.
Use the following three resources to help better understand and identify which targets should be set in or out of scope:
Adding Target Groups
To add target groups:
On the Scope & Rewards page, click Target groups.
The Target groups page is displayed.
To create a target group, click Add group.
The Add target group page is displayed.
In Title, specify a name for your target group.
In Description, provide a detailed description about the target group. This includes details about:
- Target Documentation
- System Diagrams
- Focus Areas
You can style your text using the Markdown syntax. For more information, see using markdown for formatting content.
If you want researchers of the program to test all the targets in the target group, then select The target group is In-scope option.
If you plan to compensate for unique valid findings, select This target group pays monetary rewards option.
We have pre-set reward ranges depending on how mature your asset’s security posture is, displayed as High, Medium, and Low. By selecting these options the ranges will auto-fill but you can adjust this as required by selecting Custom.
If you have selected Custom, then for each priority, specify the minimum and maximum values in the text boxes. The minimum value specified for P5 or P4 (if no P5 is set), and the maximum value specified for P1 is the reward range for all the targets in the group.
Adding Targets to Target Group
To add the targets to a target group:
In Targets, click Add new target.
The Add target pop-up window is displayed.
Feature Restriction: Targets may only be manually added and removed by a user before a program has been launched live. Once the program has been launched live, contact your Account Manager to add or remove any targets.
Specify the following:
- Target name: Select a pre-existing target or fill-in the name of the to be created target.
- Target URL / Location (optional): Provide the complete URL for researchers to access this target. It must be a valid example of an instance of this target such as a website, application, API, or the app store link to the mobile application. Bugcrowd’s servers will occasionally poll these targets to test connectivity and composition.
- Category: Select the category that best fits your target.
- Tags(optional): Select tags to indicate the skills and technologies that will be helpful in testing this target.
The target is added to the group and is displayed in the Targets section.
Perform the steps 1, 2, and 3 for adding another target.
Click Save group.
The Group created successfully message is displayed and the target group appears on the Target groups page.
Editing Targets in Target Group
If you want to edit the target information, click the gray color Edit icon.
Deleting Targets in Target Group
To delete a target, click the red color Delete icon for the target that you want to delete.
Deleting a target from a program will effectively change the scope and bounty brief.
Removal of Program Targets: If your program has yet to launch live, both targets in and out of scope may be removed. If your program is currently running live, ONLY out of scope targets may be removed.
The ability to remove targets are limited to specific role based access:
- Only Organization Owners and Program Admin may remove or edit a target on a single program.
- Only Organization Owners may remove targets entirely from the platform in the target directory page.
Removing a Target: Removing a target from a program will no longer allow researcher to submit vulnerabilities against the removed target until the target has been re-added to the program.
At this point, the target will be removed from the program brief, however, existing submissions attached to this target will be available within the submission inbox. In addition, all submissions attached to this target will be included in all metrics presenting in the Insights page.
Reordering Targets in Target Group
To reorder the target. click the two arrow sign and drag-and-drop the target to the required position.
Removing Target Group
On the Target groups page, click Edit for the target group you want to remove.
The Edit target group page is displayed.
Scroll to the end of the page and click Remove group.
A message asking for confirmation is displayed.
The “Group deleted successfully” message is displayed and the target group is removed from the Target groups page.