Skip to content

Unleash the force of TESTO TEour Ethical Hackers

and kickstart the protection TEof your business.

Choose the subscription type that best fits your company needs and adopt a Secured by Design approach to increase the security of digital resources against cyberattacks.

The Success Fee Model that reduces company costs

Banks, financial services, insurance companies, e-commerce providers, automotive—no business that leverages technology and innovation is immune to cybercrime. WhiteJar is the cybersecurity service that guarantees immediate access to Ethical Hackers via a crowdbased platform. The hackers receive financial rewards for every vulnerability found after a triage evaluation process.

Why you should trust WhiteJar with your cybersecurity

A relationship based on trust

Trust is fundamental for a solid relationship between corporations and the cybersecurity experts that are entrusted with sensible data and private information.

Why you should trust WhiteJar with your cybersecurity

Recruiting process

Talent recruiting for ethical hacking entails a process of strict background checks for what concerns identity, certifications, and reputation of each candidate.

Why you should trust WhiteJar with your cybersecurity

Community activation

The professionals that make up the Community are activated through Bug Bounty campaigns on a shared platform. The Client is the one who decides whether to make a campaign open to all community members or target a selection of specialists.

Why you should trust WhiteJar with your cybersecurity

Integrated communication system

The platform is integrated with the latest corporation management and communication systems, in order to guarantee efficient and relevant real-time communication.

Why you should trust WhiteJar with your cybersecurity

Total control

Hacker Teams are in constant communication with corporations to prevent cyberattacks and act quickly against threats or verified vulnerabilities.

Why you should trust WhiteJar with your cybersecurity

Regulatory compliance

The platform is developed in accordance with the most crucial and modern common cybersecurity practices.

The full service of a scalable model

Personal console available 24/7

Owned console to communicate with the Community of Ethical Hackers, accessible 24/7.

Verified executive report for C-level

CISO reports customizable through the platform.

Customizable vulnerability technical reports.

The reports include:

  • detailed description of verified vulnerability
  • reproduction/test phases for verified vulnerability
  • correction notes and remediation suggestions
  • evidence (images, http requests/replies, videos)

Tracking system for communication and reports

Integration with the most popular tracking systems for corporate communication (JIRA, Redmine, etc.)

Program types

man smiling with laptop

Public or private

The Bug Security Bounty programs that corporations launch on the platform can be either public or private: open to all Community members (public) or targeted to a selection of profiled Ethical Hackers (private).

Bug Bounty / Subscription and Rewards / One-shot and Ongoing

Subscriptions last for a minimum of 12 months. Once a subscription is activated, the Client can immediately launch their Bug Bounty Campaigns, either public or private, for a limited time period or as ongoing campaigns. Each time, the Client can set a budget for rewards for each vulnerability found to be devolved to Ethical Hackers.

man smiling with laptop

Operating model



Request a demo via the online contact form.



Schedule calls to learn about the benefits and operation of the platform.



Receive credentials to access the platform and activate the service.



Define your vulnerability and reward scheme and launch your Engagement Campaign.



Receive notifications of detected vulnerabilities, reports and remediation recommendations.



Publish new campaigns in total autonomy.


We only work on reporting vulnerabilities, not solving them. The report format is very thorough, and it’s usually made of step-by-step reproducibility, PoC, Suggested Mitigation, Type (e.g. SQLi), Severity (e.g. CRITICAL), and media (e.g. screenshots).

The type of vulnerabilities we will accept in every program can vary, and we can define the in-scope and out-of-scope together. For example, we can work on RCE

SQLi, XSS, CSRF, Authentication bypass, Horizontal or Vertical privilege escalation.

But, if you have a particular scope, like for example an IoT to be tested, we can vary the Type of Vulnerability.

All Ethical Hackers sign confidentiality bonds and are not “unknown” people. They subscribe to a code of ethics (Article 2 of our T&C) and follow a certification path (Article 3 of our T&C) which requires, among other things, identity verification, verification of held certifications, and training of various kinds. This process implements logics similar to the stringent verification procedure applied in the EU, called KYC. Accepted certifications evolve during time and can involve: CEH, CISSP, GXPN, OSCP, GWAPT, GMOB.

We also accept non-certified Ethical Hackers in the process because we think that the crowd windows and the power of collective consciousness is more powerful than the single Pen Tester work. You can only choose certified Ethical Hackers, but we strongly suggest to also include the non-certified: it will increase the odds to detect vulnerabilities.

Yes, we can create a custom second level NDA upon request and we can activate extra insurance to handle liabilities (we already have a basic insurance of up to €50,000 – Article 6 T&C). All the documents will be verified before the program starts and we can work to adapt the process to the customer compliance policy (you need to activate an extra package).

At this moment, we have experience on Private Bug Bounty Programs or Public Bug Bounty Programs. A program can last a precise time period (like 1 month) or stay active forever (until you decide to end it).

But our philosophy is that we want to stay flexible and give you the maximum space to engage with the Ethical Hackers community. This means that we can also work on custom programs, as long as we bring value to the community (for example: Capture The Flag program).

The service is weighted to have the customer interact with a group of Ethical Hackers. We believe in the collective consciousness of our certified and trained community. The number of Ethical Hackers that will take part in our programs can vary, but we usually start with a small group and expand along the way (so we will adapt depending on the customer workload capacity). These elements are built with the customer in a service setup phase.

Yes, we can activate the “security platform” that is to pass all Ethical Hackers activities through a controlled VPN, encrypted and certified by the WhiteJar team.