Find a bug and receive a reward from FUIB. Test the cybersecurity of the bank's services

Ukrainian IT professionals have the opportunity to earn money by identifying potential bugs in the system of one of the country’s leading banks. We tell you who can join, what experience they can gain, and how much they can earn.

Reference

First Ukrainian International Bank (FUIB) is the leading and largest Ukrainian bank with private capital. The bank has been operating stably on the Ukrainian market for 33 years and offers its clients profitable financial products and services. Today, FUIB is among the ten largest banks in Ukraine by key financial indicators and is a systemically important bank of Ukraine authorized to store cash of the NBU.

Course for development

FUIB is implementing an information security development strategy and systematically investing in improving its cybersecurity, as the availability of client services must be under constant protection. Previously, FUIB annually conducted independent audits of the effectiveness of cyber protection, including pentests from the best companies on the market. Over time, the financial institution’s specialists realized that this was not enough and decided to switch to the Bug bounty format. «This approach has several advantages: the ability to attract a significantly larger number of hackers from a large community of professionals, the competition format, the ability to test yourself, find weaknesses in systems that are considered protected, additionally motivates participants,» FUIB explains.

FUIB has had a new vulnerability detection program in place since July 2024. «This step emphasizes the bank’s responsibility for protecting infrastructure, clients’ financial assets, and ensuring the smooth operation of banking systems,» says Serhiy Groma, Director of the Information Security Department at FUIB.

The FUIB Bug Bounty Program allows ethical hackers and cybersecurity researchers to help identify potential vulnerabilities, for which monetary rewards are provided.

Rewards from FUIB

The reward can be up to $2,000 depending on the level of importance of the identified problems.

According to Serhiy Groma, the program creates favorable conditions for cooperation with the global community of cyber experts, helping to strengthen the bank’s security.

During the six months of the program’s operation, FUIB has already received over 240 reports of potential vulnerabilities in infrastructure, websites, APIs, and mobile applications. The active bug bounty community systematically helps the bank identify and eliminate potential risks.

HackenProof is a reliable partner for FUIB

When choosing a contractor for such a responsible matter, FUIB considered several market leaders. «The first Bug Bounty program was implemented on the HackerOne platform, which helped the bank get acquainted with the hacker community and evaluate all the benefits of Bug bounty,» says Serhiy Groma.

Reference

HackenProof is a platform for detecting vulnerabilities in digital products such as crypto exchanges, blockchain protocols, smart contracts, and more. HackenProof is the leading platform for security testing in the cryptocurrency and technology industry. It is used by Ethereum Foundation, Aptos, Polygon, Near, Sui, MetaMask, TON Foundation, OKX, Status, and over 155 other projects. Over 35,000 hackers have already registered on the HackenProof platform, who have submitted 17,710 vulnerability reports.

Currently, FUIB is opening up for testing many of the services that are available to regular clients. At the same time, there are services that are only accessible to hunters verified by HackenProof specialists.

«We chose the HackenProof platform for its focus on the Ukrainian hacker community, which unites many talented specialists. Thanks to this cooperation and the activity of the hunters, over three years we managed to identify and eliminate about 30 vulnerabilities of various levels, paying rewards to talented hackers. An additional advantage is the triage service: HackenProof employees carefully check the found vulnerabilities before transferring them to the bank. This allows us to focus on solving critical security issues,» FUIB notes.

Bugs are classified in the Bug Bounty program based on the level of threat they pose to the system, users, or data. This level determines the potential impact of the vulnerability and the size of the reward accordingly.

HackenProof specialists met offline with hackers and the bank's developers to analyze the vulnerabilities found and to discuss their details and impact on the bank’s services. «This event once again showed the effectiveness of direct cooperation between the bank and the community of cybersecurity specialists, making it possible to find practical solutions to strengthen the protection of banking services,» FUIB notes.

How to become a white hat hacker for FUIB and beyond

Any qualified specialist can join the community of white hat hackers looking for bugs in FUIB services. Participation in the program does not require passing tests or checking the level of knowledge. However, the quality of the reports and the efficiency of the hacker’s work directly affect his success and rewards.

To do this, you need to go through several selection stages:

  1. Pre-register on the platform where the program is hosted. The platform on which bug bounty programs are organized posts a detailed description of each program with a list of vulnerabilities for priority search. The higher the level of threat from the vulnerability, the greater the reward the white hat hacker will receive.
  2. Choose a program with a detailed description of the vulnerabilities that are a priority for the customer. A white hat hacker can register on several platforms at the same time and participate in different programs. For example, the HackenProof platform offers 155 active bug bounty programs as of the end of 2024, where rewards for identifying critical vulnerabilities can reach $1 million.
    These programs are suitable for anyone interested in cybersecurity: both professionals with experience in ethical hacking and beginners who want to learn how to identify vulnerabilities.
  3. Find vulnerabilities within the selected application.
  4. Submit a report through the platform with a description of the vulnerability and a proposal for its removal. Having discovered a vulnerability in the product, the user must send a report, which is processed by the platform team. In the report, the user describes the discovered vulnerability and indicates options for fixing it.
  5. Wait for the platform to check the report for uniqueness and importance.
  6. The team analyzes the report for repetition of the vulnerability, as well as its importance, as reports may not contain valuable information and may cover, say, purely «cosmetic» fixes.
  7. If the report is valuable and helps to eliminate the vulnerability, the hacker is paid a reward. If the report repeats already known problems or concerns minor flaws, the reward is not provided. Before receiving the reward, each participant must go through the KYC (Know Your Customer) procedure. This is necessary in order to prevent possible abuse of the identified vulnerabilities and avoid the risk of their use for malicious purposes.

Test your skills. Test FUIB products and services and get rewarded for it.
