Hey, I’ve got a question!
It is my first time on the bug bounties platforms and I would like to know if, in order to petest against the companies published here, it is necessary to give them my public IP address or advise them in some way as in the traditional pentest.
Or on the contrary, I can carry out the test with my public IP of my house without any legal sanction.
Thanks in advance.
Welcome @z0mig
Most programs don’t ask for your IP address but I have participated in a few that asked for it when you report a bug. I think the only reason why they ask for it, it’s to identify your traffic and make sure it wasn’t someone else exploiting a bug or something like that.
In my experience, just a few programs expect advice about how to fix the issue, but it’s very rare. Usually, they just expect you to report a vulnerability as clear as possible and that’s it.
In any case, you should read the policy page of each program in which you want to participate before you start testing. Everything you need to know before testing is there.
In addition, our Researcher Docs cover topics such as ‘Becoming a Researcher’ and more. I hope it helps!