Operational Resilience

Within the Operational Resilience module, the Bug Bounty Program section serves as an indicator of whether the project actively participates in a bug bounty program, either facilitated by CertiK or another third-party provider. If the project has chosen CertiK's bug bounty program, this section displays comprehensive program details. These include an icon signifying the program's active status, the launch date of the bug bounty, the allocated funds reserved for the bounty program, the specific assets within the program's scope, and the reward scale based on the severity of reported findings.

In cases where the project does not currently have a bug bounty program through CertiK, users have the opportunity to cast their votes in support of a project's application for either a discounted or free bug bounty program CertiK. The greater the number of votes a project receives, the higher the potential discount it can obtain.

Bug bounty programs are pivotal as they harness the expertise of ethical hackers to continuously assess a project's security posture, proactively identifying and addressing vulnerabilities. CertiK's Bug Bounty program stands out as a comprehensive Web3 platform offering fully managed end-to-end support, coupled with a 0% fee on bounty payouts. This collaborative approach enhances a project's resilience by actively involving the security community in the ongoing protection and improvement of its systems.

The Website Scan section displays the results of CertiK’s penetration testing, targeting both network and application layers to uncover intricate vulnerabilities. Our continuous assessment focuses on enhancing the security of web and mobile applications, pinpointing and prioritizing areas that demand immediate attention. We continuously evaluate network security, application security, and the overall DNS health of both mobile and desktop websites.

Web3 penetration testing is extremely important. It adopts an offensive approach to security auditing, mirroring the tactics of potential black hat hackers. Penetration testers leverage these techniques to identify and remediate vulnerabilities before malicious actors can exploit them.

In the context of Web3, there are unique considerations that demand specialized expertise. CertiK's Web3 penetration testers possess an extensive understanding of blockchain technology, smart contract intricacies, NFT functionality, and more, enabling them to conduct comprehensive assessments. Additionally, given that many decentralized applications integrate components from Web 2.0 and earlier technology stacks, our penetration testers are well-versed in all facets of network security. This breadth of knowledge ensures a thorough examination of the complex Web3 landscape.