NidFul Docs

Finding and Prioritizing Programs

Use NidFul recommendations to choose the right African programs for your skills.

9 min readUpdated Oct 3, 2025For Hackers

Finding and Prioritizing Programs

With dozens of NidFul programs spanning fintech, telecom, and public infrastructure, focusing your effort is critical. Borrow these playbooks from seasoned NidFul researchers and tailor them to African contexts.

Understand Program Types

  • Public VDPs – Always-on vulnerability disclosure programs. Great for building signal and qualifying for private invites.
  • Managed Bug Bounties – Incentive-based programs often restricted to curated researchers. Expect faster response times and higher payouts.
  • Time-bound Events – Sprints aligned with major product launches or compliance deadlines.

Use Filters & Recommendations

  1. Navigate to Programs → Discover.
  2. Apply filters for sector, payout currency, country focus, and vulnerability classes.
  3. Review the “Matching for you” tab—this leverages your profile tags and past report performance.

Private program invites

Maintain a high signal and responsiveness score to receive NidFul private invites. These often mirror the exclusivity of our top-tier opportunities.

Evaluate Scope Quickly

  • Identify assets with the highest impact (customer data, payment flows, authentication endpoints).
  • Confirm safe-harbor coverage for cross-border testing.
  • Note excluded techniques (e.g., DDoS, physical intrusion) and regional legal restrictions.

Plan Your Recon

  • Use well-defined checklists per asset type (web, mobile, APIs).
  • Consider localised edge cases: USSD payment flows, offline-first mobile apps, or telco airtime APIs.
  • Track recon notes in NidFul notebooks or your preferred knowledge base.

Collaborate & Share Insights

  • Many African startups run multi-lingual support desks. Provide context in English plus local terms when relevant.
  • Submit “heads-up” reports if you observe systemic risk that future attackers could leverage.
  • Engage triage teams respectfully—time zones and infrastructure constraints can influence response windows.

Keep Learning

  • Watch NidFul webinars featuring top African hackers and program managers.
  • Join capture-the-flag (CTF) events hosted around pan-African cybersecurity conferences.
  • Study resolved reports via redacted writeups when programs permit it.

Ready to send your first submission? Continue with Submitting High-Impact Reports.