Contrast Security

  • Points – $2,000 per vulnerability

Program stats

  • Vulnerabilities rewarded 59
  • Validation within 5 days 75% of submissions are accepted or rejected within 5 days
  • Average payout $625 within the last 3 months

Latest hall of famers

Recently joined this program

Contrast Security invites you to test our application security platform providing IAST, RASP, and SCA for applications and APIs.  
Our web interface allows users to log into to download specific language agents and view their security information (such attacks, and libraries) or reporting. The way you interact with Contrast depends on your particular situation, the tools and integrations you employ, or your roles and permissions.  

We appreciate your efforts and hard work in making our assets more resilient, accurate and secure. We look forward to working with the researcher community to create a meaningful and successful program. Good luck and happy hunting!

For platform testing, each researcher will be assigned a dedicated test instance.  
Please see the Testing section for further details.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.