WhiteJar amplifies
your Ethical Hacking skills

Show off your talent. Take part in the Bug Bounty Campaigns launched by our Clients and earn financial rewards based on the vulnerabilities you can find.

A Community of Ethical Hackers brimming with talent

Are you a cybersecurity expert? Would you like to challenge equally skilled colleagues?
Did you just graduate? Are you looking for an opportunity to expand your knowledge in the field?
Would you like to monetize your cybersecurity skills?
The WhiteJar Community is the first Community in Italy to offer crowdsourced Ethical Hacking services by certified European experts. It’s the most challenging, most rewarding workplace you can find.

JOIN THE COMMUNITY

Why you should become a WhiteJar Ethical Hacker

Relationship based on trust

Trust is fundamental for a solid relationship between our Clients and the Ethical Hackers who join our Community: our professionals are entrusted with corporate cybersecurity, sensitive data, and private information.

Why you should become a WhiteJar Ethical Hacker

Recognised professional path

Becoming a certified Ethical Hacker requires experience, constant updating, passion, intelligence, and, of course, solid ethics. UNGUESS Security recognizes the career path of our experts and strives to enhance it within our company.

Why you should become a WhiteJar Ethical Hacker

Collaboration principles

Collaboration with fellow cybersecurity experts is crucial in order to offer competitive and efficient services. Our platform and Hacker Team management models are designed to facilitate the dialogue between our Community members and the corporations we serve.

Why you should become a WhiteJar Ethical Hacker

Challenging work environments

UNGUESS Security has been chosen by important national and international corporations. Joining the WhiteJar Community allows Ethical Hackers to challenge themselves by coming face-to-face with dynamic, complex environments.

Why you should become a WhiteJar Ethical Hacker

Reward Program

Our reward program works based on the vulnerabilities found by each Ethical Hacker, challenging Community members to do their best and compete to demonstrate their skills and grow their reputation.

Why you should become a WhiteJar Ethical Hacker

Tax system

UNGUESS Security handles all financial bureaucracy to allow the experts to focus solely on their work.

Operating model

1

STEP. 1

Apply to join the Team and accept WhiteJar's Manifesto with the contact form.

2

STEP. 2

Complete your profile with your personal data and professional skills.

3

STEP. 3

Once your identity has been validated, you will receive credentials to access the platform and join the Community.

4

STEP. 4

Use your personal control panel to view active campaigns and choose programmes to participate in.

5

STEP. 5

Notify the internal Team of the vulnerabilities you identify and once they have been validated, share them with the customer via the dashboard along with documentation and your remediation recommendations.

6

STEP. 6

Receive reward for validated vulnerabilities directly through the platform.

Identity
In order to verify the identity of our Ethical Hackers, we don't accept nicknames and use biometric profiling.
Certifications
Technical certifications are a welcome plus to access our recruitment process.

Our Ethical Hacking Manifesto

OUR MISSION IS AS SIMPLE AS IT IS AMBITIOUS: TO MAKE THE WORLD A SAFER PLACE. To carry out the mission, every Ethical Hacker from the TRYBER Community adheres to and promotes all principles of our Manifesto:

1

We are cybersecurity professionals. There is no discrimination in our Community for skin color, sexual orientation, gender, age, culture, or religion.

2

We condemn any criminal act and abhor any act perpetrated through cyber technologies to damage the freedom, image, and life of people and corporations.

3

Our curiosity is what fuels our work and pushes us toward new horizons.

4

The physical perimeter of our actions is the known world as well as the unknown world.

5

The temporal perimeter of our actions is every second, every minute, every hour, every day, and every year of our life.

6

Technology is our most powerful ally.

7

Knowledge is our strategy.

8

Our Community is our Team.

9

Shared Intelligence is our strength.
DOWNLOAD OUR MANIFESTO

Risk evaluation method and remuneration system

Our payout system is based on OWASP Risk Rating.
The system sorts verified vulnerabilities by risk seriousness based on two factors: probability and impact (technical impact and business impact).
A given vulnerability may be extremely threatening for a corporation but not so much for another.
Once sorted, vulnerabilities get assigned intervention priority.
Every time a vulnerability is verified, the Ethical Hacker who found it receives Badges and Experience Points. A ranking of the best performing Ethical Hackers is visible on the platform.
Remuneration will be set based on the risk represented by the vulnerability found and the financial reward (Bounty) pre-set by the client according to the standards of Bug Bounty tables.
The quality of the work is monitored by the WhiteJar Hacker Teams, according to methodology, technical assets, and strategies implemented by the Hacker.

BG-Hacker-fascia4@1x

Program Types

Public and private

Clients can choose whether to have a Bug Bounty program open to the entire Community of Ethical Hackers (public) or target their campaign at a selection of profiled experts (private).

Bug Bounty / Subscription and Rewards / One-shot and Ongoing

During the time covered by their subscription, the Client can launch a limitless number of Campaigns at any time, setting a budget for rewards each time.

FAQ

01.

At this moment we have experience on Private Bug Bounty Programs or Public Bug Bounty Programs. A program can last a precise time period (like 1 month) or stay active forever (until you decide to end it). But our philosophy is that we want to stay flexible and give you the maximum space to engage with the Ethical Hackers community. This means that we can also work on custom programs, as long as we bring value to the community (for example: Capture The Flag program). Being part of the crowd means staying in touch with us, connecting with our teams, and helping us to grow the community. We want to engage with you!

02.

It depends on the kind and criticality of the vulnerability. We can pay from €100 to €10,000, sometimes even more. We will share the payout rules for every program so you can decide if you want to take part or not. However, if the customer involves you in some more engaging activity, we can also pay for extra time or custom projects. We only work on reporting vulnerabilities, not solving them. The report format must be very thorough, and it’s usually made of step-by-step reproducibility, PoC, Suggested Mitigation, Type (e.g. SQLi), Severity (e.g. CRITICAL), and media (e.g. screenshots). The type of vulnerabilities we will accept in every program can vary, and we can define the in-scope and out-of-scope together. For example, we can work on RCE, SQLi, XSS, CSRF, Authentication bypass, Horizontal or Vertical privilege escalation. But, with a particular scope, like for example an IoT device to be tested, we can vary the type of vulnerability and the reward.

03.

No. We are an Ethical community who will ask you to share your ID. We believe that there are excellent Hackers that don’t have a problem sharing their ID and certifications. So, if you only want to appear with a nickname ant stay blind, whitejar.io is not the space for you.

04.

Yes, you can!
All Ethical Hackers must sign confidentiality bonds and are not “unknown” people. We will ask you to subscribe to a code of ethics (Article 2 of our T&C) and follow a certification path (Article 3 of our T&C) which requires, among other things, identity verification, verification of held certifications, and training of various kinds. This process implements logics similar to the stringent verification procedure applied in the EU, called KYC. Accepted certifications evolve during time and can involve: CEH, CISSP, GXPN, OSCP, GWAPT, GMOB.
However, we also accept non-certified Ethical Hackers in the process because we think that the crowd windows and the power of collective consciousness is more powerful than the single Pen Tester work.