The Credential Management feature enables you to easily share access credentials with hackers so that you don't have to constantly create sign-in credentials for each new hacker who participates in your program. This also enables participating hackers to quickly retrieve the credentials needed to find vulnerabilities in your program.
To set up Credential Management for your program:
Go to Program Settings > General > Credential Management.
Click Import CSV file to upload the CSV file of credentials that you want to share. The CSV file supports a set of headers and values where each row is a set of credentials that can be claimed by a hacker.
Review your uploaded credentials in the preview window and click Next.
Write instructions you want to communicate to the hacker when they claim one of your credentials.
Your uploaded credentials will populate on your Credential Management page where you can see which credentials have or haven’t been claimed. Claimed credentials will also display the username of the hacker under the Claimed by column. From here, you also have the option to edit, revoke, or recycle credentials.
The username of the account the hacker created using the provided credentials will display on the submitted report under the Account details used section.
How It Works
Once you’ve set up credential management, hackers participating in your program will be able to retrieve their credentials by clicking the Show Credentials button on your security page.
The Credentials window will then display instructions where the hacker can claim one of the credentials you’ve provided. They’ll be prompted to enter the username of the account they created using the credentials provided.
Hackers can only claim 1 set of credentials. If they want a second set of credentials, you can revoke their first set and then have them request another.