Skip to main content

How can I take part in PTaaS Pentests?

All you need to know about the criteria to fulfill to gain access to PTaaS Pentests

Inti avatar
Written by Inti
Updated this week

PTaaS Pentests are the newest approach to security testing from intigriti, combining the best of both worlds from traditional pentests and bug bounty programs. PTaaS Pentests only have one researcher scheduled at a time and always require an application. However, not every researcher has the ability to apply for PTaaS Pentests by default. Since you would be closely working with customers, Intigriti wants to make sure that we grant this privilege primarily to those who have proven their mettle (both technical skills, as well as ethical and good conduct, are required).

General Eligibility Criteria

As a researcher, the following criteria need to be met to enter the qualification for PTaaS Pentest Eligibility:

  • Identity must be verified

  • Must be active on the intigriti platform for at least one year

  • At least 80% of submitted reports must be valid

  • At most 33% of reports may be deemed “informative” only

  • At least 50% of reports must have been eligible for bounty

These criteria may also be considered fulfilled if equivalent performance on comparable platforms can be demonstrated. The same goes for researchers who were engaged in part- or full-time employment with the main responsibility of conducting pentests for IT assets.

Specific Eligibility Criteria

If the General Eligibility Criteria are met, researchers are qualified to hold an interview with an intigriti PTaaS Pentest Manager. During this short interview, we will evaluate:

  • Language skills

  • Knowledge and skills specific to pentests

  • Ability to interact with intigriti customers in a professional fashion

If the PTaaS Pentest Manager deems the criteria met, the researcher will receive a flag as “eligible for PTaaS”, granting access to the ability to apply for PTaaS Pentests.

Eligibility for specific PTaaS Programs

Companies may set out additional specific criteria for researchers to be invited to their programs, depending on their requirements and given sufficient reason (such as legal requirements, internal policies, or researcher criteria specific to the scope of the PTaaS Pentest). This is no different from continuous programs but is worth mentioning anyway.

Exclusion Criteria

Researchers can be excluded from possible participation in PTaaS Pentest Programs if there is any instance of violation of either Researcher T&C and/or violation of the Code of Conduct. The same goes for expressing explicitly unprofessional behaviour towards Intigriti staff or Intigriti customers. In both cases, the “eligible for PTaaS” flag may be removed from the researcher, preventing further participation in PTaaS Pentest Programs. Depending on the severity of the violation, Intigriti may also apply further penalties, such as temporary or permanent bans.

Did this answer your question?