[ASM] Security Check
Key changes
Security Check is a continuous and automated security testing feature that provides active validation of CVEs and misconfigurations on a selected number of assets.
Each checkpoint verifies that a given vulnerability is not actually exploitable. These checkpoints (i.e., the most popular and exploited CVEs of the moment) are sourced and curated by YesWeHack.
Organisations can choose which checkpoints to activate, and which assets will be scanned (by all activated checkpoints).
The checkpoints' results create a new type of findings in the platform, named “Detected issues”.
Impact
Continuous Assurance for Security Teams – Security teams can run Security Check across their attack surface and continuously adapt their security posture.
Scope Maturity for Program Managers – Program Managers can validate the readiness of their assets before launching offensive security programs.
Audience
Customers who want to continuously monitor and secure assets outside their existing scopes.
Customers who don’t know which assets to put in scope, for a first program or even after a successful initial program.
Customers worried that assets added to a program are vulnerable to long-standing CVEs that could have been identified earlier.
ℹ️ To learn how to manage Security Check, visit the HelpCenter guide.
[BB] Tax Identification Number (TIN)
Key changes
The Tax Identification Number (TIN) is an identification number assigned to taxpayers by the tax authorities. It is now mandatory for all European private individual hunters to provide a TIN in order to withdraw a reward from the platform.
Impact
A European “private individual” hunter must provide a valid TIN to withdraw rewards. If the hunter has not provided a valid TIN in the billing information, the workflow will be blocked.
Audience
Hunters
who declare a status of Private individual,
whose country of residence is in Europe (note: the tax information is already a mandatory field for companies, e.g., SIREN in France),
and want to withdraw their rewards.
Usage
Billing Information
A tooltip on the TIN field and a link that redirects to the HelpCenter are now available in the billing information (in editing mode and during the KYC process).
Withdraw a bounty from a wallet
ℹ️ A hunter must fulfill the following prerequisites to withdraw a bounty:
The hunter must be KYC Verified and enrolled in SCA.
The hunter must use a bank account associated with their name (i.e., the same identity previously verified during the KYC process).
The bank account must be located in a country where MangoPay authorizes money transfers.
As a European private individual hunter, when I click on “Withdraw wallet” and I have not provided a TIN in my billing information, the workflow changes:
A pop-up appears inviting me to provide one. A TIN is mandatory to authorize a withdrawal.