PTaaS Pentests are the newest approach to security testing from Intigriti, combining the best of both worlds from traditional pentests and bug bounty programs. PTaaS Pentests only have one researcher scheduled at a time and always require an application. However, not every researcher is able to apply for PTaaS Pentests by default. Since you would be working closely with customers, Intigriti wants to make sure that this privilege is granted primarily to those who have proven their mettle (both technical skills and ethical, good conduct are required).
General Eligibility Criteria
As a researcher, you need to meet the following criteria to enter the qualification for PTaaS Pentest eligibility:
Identity must be verified
Must be active on the Intigriti platform for at least one year
At least 80% of submitted reports must be valid
At most 33% of reports may be deemed “informative” only
At least 50% of reports must have been eligible for bounty
These criteria may also be considered fulfilled if equivalent performance on comparable platforms can be demonstrated. The same goes for researchers who were engaged in part- or full-time employment with the main responsibility of conducting pentests for IT assets.
Specific Eligibility Criteria
If the General Eligibility Criteria are met, researchers are qualified to hold an interview with an Intigriti PTaaS Pentest Manager. During this short interview, we will evaluate:
Language skills
Knowledge and skills specific to pentests
Ability to interact with Intigriti customers in a professional fashion
If the PTaaS Pentest Manager deems the criteria met, the researcher will be flagged as “eligible for PTaaS”, which allows them to apply for PTaaS Pentests.
Eligibility for specific PTaaS Programs
Companies may set out additional specific criteria for researchers to be invited to their programs, depending on their requirements and given sufficient reason (such as legal requirements, internal policies, or researcher criteria specific to the scope of the PTaaS Pentest). This is no different from continuous programs but is worth mentioning anyway.
Exclusion Criteria
Researchers can be excluded from possible participation in PTaaS Pentest Programs for any instance of violation of the Researcher T&C and/or the Code of Conduct. The same goes for explicitly unprofessional behaviour towards Intigriti staff or Intigriti customers. In both cases, the “eligible for PTaaS” flag may be removed from the researcher, preventing further participation in PTaaS Pentest Programs. Depending on the severity of the violation, Intigriti may also apply further penalties, such as temporary or permanent bans.