Use case

Bug bounty triage workflow

Confirm whether an issue is real, in scope, and still reproducible without wasting cycles. This flow keeps authorization checks, role boundaries, and evidence quality first.

1. Scope lock

Validate target, asset ownership, and exclusions before any run starts.

2. Reproduce

Replay the reporter path and capture browser/network artifacts automatically.

3. Compare

Run auth boundary checks across identities for quick IDOR/authz signal.

What to export in your triage pack

• Reproduction steps with exact target, role, and timestamps.
• Request/response pairs for critical steps.
• Screenshots and artifact list tied to the run id.
• Scope justification and authorization statement.

Start in dashboard Read setup guide

Related guide

Need the longer playbook with scope, reproduction, and role-comparison guidance?

Read bug bounty triage guide