Skip to content
green background
Your skills are worth more with WhiteJar
Because human ingenuity, supported by technology and enhanced by collaboration between experts in the same field can truly make the Internet a safer place.

A Community with a high density of talent

Are you a computer security expert and would you like to challenge professionals of your calibre? Are you a recent graduate and want to deepen your knowledge in the field? Do you want to monetise your cybersecurity skills? The WhiteJar Community, the first in Italy to offer a crowdsourcing service of certified Ethical Hackers, is the place for you.

Why choose WhiteJar

Relationship of trust

Community certifications reassure customers and foster trust relationships by facilitating the exchange of sensitive information with those directly responsible for the companies’ IT security.

Why choose WhiteJar

Recognised professional pathway

Becoming a certified Ethical Hacker requires experience, continuous training, passion, ingenuity and sharing a world of ethical values. WhiteJar recognises the professional development of its experts and enhances it in the business world.

Why choose WhiteJar

The principle of cooperation

Collaborating with other experts in the field is essential to offer a competitive service through increasingly evolved dynamics. The collaboration platform is designed to facilitate discussion between Community members and companies.

Why choose WhiteJar

Challenging work contexts

WhiteJar has been chosen by major national and international companies. Joining the WhiteJar Community means having the opportunity to deal with complex, dynamic and definitely boredom-proof contexts.

Why choose WhiteJar

The rewarding programme

The remuneration programme for verified vulnerabilities encourages hackers to constantly compare themselves with other professionals, in order to demonstrate their skills in the field and increase their visibility in the Community, with significant opportunities to earn money.

Why choose WhiteJar

Tax system

WhiteJar takes over the fiscal management of fees so that professionals can concentrate on their work.

Operating model



Apply to join the Team and accept WhiteJar's ethical principles with the contact form.



Complete your profile with your personal data and professional skills.



Once your identity has been validated, you will receive credentials to access the platform and join the Community.



Use your personal control panel to view active campaigns and choose programmes to participate in.



Notify the internal Team of the vulnerabilities you identify and once they have been validated, share them with the customer via the dashboard along with documentation and your remediation recommendations.



Receive reward for validated vulnerabilities directly through the platform.

Frequently Asked Questions

At this moment we have experience on Private Bug Bounty Programs or Public Bug Bounty Programs. A program can last a precise time period (like 1 month) or stay active forever (until you decide to end it).

But our philosophy is that we want to stay flexible and give you the maximum space to engage with the Ethical Hackers community. This means that we can also work on custom programs, as long as we bring value to the community (for example: Capture The Flag program).

Being part of the crowd means staying in touch with us, connecting with our teams, and helping us to grow the community. We want to engage with you!

It depends on the kind and criticality of the vulnerability. We can pay from €100 to €10,000, sometimes even more. We will share the payout rules for every program so you can decide if you want to take part or not.

However, if the customer involves you in some more engaging activity, we can also pay for extra time or custom projects.

We only work on reporting vulnerabilities, not solving them. The report format must be very thorough, and it’s usually made of step-by-step reproducibility, PoC, Suggested Mitigation, Type (e.g. SQLi), Severity (e.g. CRITICAL), and media (e.g. screenshots).

The type of vulnerabilities we will accept in every program can vary, and we can define the in-scope and out-of-scope together. For example, we can work on RCE

SQLi, XSS, CSRF, Authentication bypass, Horizontal or Vertical privilege escalation.

But, with a particular scope, like for example an IoT device to be tested, we can vary the type of vulnerability and the reward.

No. We are an Ethical community who will ask you to share your ID. We believe that there are excellent Hackers that don’t have a problem sharing their ID and certifications.

So, if you only want to appear with a nickname ant stay blind, is not the space for you.

Yes, you can!

All Ethical Hackers must sign confidentiality bonds and are not “unknown” people. We will ask you to subscribe to a code of ethics (Article 2 of our T&C) and follow a certification path (Article 3 of our T&C) which requires, among other things, identity verification, verification of held certifications, and training of various kinds. This process implements logics similar to the stringent verification procedure applied in the EU, called KYC. Accepted certifications evolve during time and can involve: CEH, CISSP, GXPN, OSCP, GWAPT, GMOB.

However, we also accept non-certified Ethical Hackers in the process because we think that the crowd windows and the power of collective consciousness is more powerful than the single Pen Tester work.