Bug Bounties

PortSwigger Web Security

Powered by: 

Allows bounty splitting: 

Average time to first program response: 5

Average time to bounty awarded null: 10

Average time to report resolved: 

Handle portswigger

Managed program: false

Name: PortSwigger Web Security

Offers bounties: true

Offers swag: true

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/portswigger

Website: https://portswigger.net

In scope:

  • Asset identifier: Burp Collaborator
  • Asset type: DOWNLOADABLE_EXECUTABLES
  • Availability requirement: none
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Burp Collaborator is part of Burp Suite Pro - for further information refer to https://portswigger.net/burp/help/collaborator.html
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: Burp Suite Enterprise Edition
  • Asset type: DOWNLOADABLE_EXECUTABLES
  • Availability requirement: high
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Download from https://portswigger.net/requestfreetrial/enterprise
  • Integrity requirements: high
  • Max severity: critical



  • Asset identifier: Burp Suite Extension (BApps)
  • Asset type: DOWNLOADABLE_EXECUTABLES
  • Availability requirement: none
  • Confidentiality requirement: none
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: These are made by third parties, and installed via the BApp store in the Burp Extender tab. High severity vulnerabilities only please.
  • Integrity requirements: none
  • Max severity: none



  • Asset identifier: Burp Suite Pro/Community
  • Asset type: DOWNLOADABLE_EXECUTABLES
  • Availability requirement: none
  • Confidentiality requirement: medium
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Download from https://portswigger.net/burp
  • Integrity requirements: low
  • Max severity: high



  • Asset identifier: forum.portswigger.net
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: https://enterprise-demo.portswigger.net/
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: This is a hosted demo of Burp Suite Enterprise Edition.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: portswigger.net
  • Asset type: URL
  • Availability requirement: low
  • Confidentiality requirement: high
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: https://portswigger.net
  • Integrity requirements: high
  • Max severity: critical