Let hundreds of hackers check your security.

Many website owners need to operate on a very tight budget and can not afford to hire security companies to assist them.

On the other hand there are thousands of young hackers in need to demonstrate their skills without breaking the law.

99Hackers is about bringing those two groups together.

You define a price, hackers will compete to deliver the most professional report to you.

How it works, an example:

1) Setup

Define the target. For example your online-shop. Set a bounty starting at 100$.
After we verify the validity of the order we will start an automated scan of your system.

2) Distribution

We provide our registered hackers with the anonymized scan results. Based on the scan results and the bounty, they can decide if it is worth for them to participate.

3) Hackers at work

The hackers attack your system in a competition to deliver the most helpful report in time.
The goal for each hacker is not only to identify as many security problems as possible, but also to deliver a readable report that explains you what was done, how to interpret the results and advice on a technical level on how to fix the issues.

4) Win for you

You will gets access to up to 20 reports from various hackers and can rate how helpful they were.
Instead of only one opinion about the state of your security, you will get many.

5) Win for the hackers

Based on the report rating, the bounty gets distributed to the participants. The winning report will be visible to all participants, so that they can learn what made the difference and improve their skills.



Frequently asked questions

  • What happens if no one submits a report?
    - You will get your money back.
  • What happens if no one finds a security flaw?
    - In this case you should relax and be happy.
  • How many reports will I get?
    - You will receive a minimum of 3 and a maximum of 20 reports. Want more or less? Talk to us.
  • I do not get it! Who is my contract partner? You? Or the hackers?
    - We will be your contract partner. You grant us the right to outsource hacking your system. We assure our hackers that they are allowed to hack you within a specific timeframe and with specific boundaries.
  • I would like to hire my winning hacker!
    - At the moment we kindly request you to send us the 'hacker-id'. This process is not automated yet.
  • How is the money distributed?
    - We charge 20$ fee for the initial scan, plus ten percent of the remaining bounty.
    - The remaining bounty goes either fully to the winner, or to the top three reports at a rate of 60%-30%-10%
  • It is possible that hackers do not earn anything at all. Why should they participate?
    - At first, many are just bored any consider this a way to pass some time.
    - Many hackers are in need to demonstrate their skills in a lawful way. Since customers do not only select a winning report, but can tag others as 'helpful', we can for example certify that some 18 year old from Bulgaria helped 23 real world business owners with their security.
    - Every participating hacker gets access to the winning report, to learn about what was missing, new tricks and tools.
  • Aren't hackers the bad guys?
    - No. Hacking is about exploring technology and making use of it in a way that was not intended. Hacking does not even need to be related to computer security per se. Using your toaster to brew a cup of tea, passes as hack too.
    Not all hackers are nice, but the majority of them are certainly not criminals. Most people that break into computers with malicious intend are just using techniques developed by hackers to accomplish their goals. We should call them criminals. Or do you always assume that an attacker with a baseball bat is always a baseball player? :)
  • I am a bit afraid to let so many people attack my system. How do you make sure that there is no criminal among them?
    - Short answer: We can not rule out that there is a criminal among the registered hackers.
    - Long answer: It would not make much sense for a criminal to go through the hassle of registration, since there is no benefit in that when you plan something illegal.
    This being said, we do strongly advice to setup a dedicated instance of your application for the security check, so that you do not endanger your current operations. If this is not possible, we will help you to define a scope that reduces risk of disturbance.
  • Do you need more hackers?
    - Yes. But since we have a backlog of unprocessed applicants, we took down the hacker-registration. We are just starting and are a bit overwhelmed by the feedback. Please wait about two weeks until we open up again. Or send a mail to donotforgetme@99hackers.com and we ping you when we are ready.