Bountytalk - Forums Advertising & Bounty Hub
Other Bounties => Bug bounty programs => Topic started by: Angelina on May 02, 2023, 06:22:49 pm
Submit bug report
Kenna Security is a leader in risk-based vulnerability management. The Kenna Security Platform enables organizations to measure, prioritize, and predict cyber risk. Kenna leverages Cyber Risk Context Technology™ to track and predict real-world exploitations, focusing security and IT operations teams on what matters most.
Researcher Platform Sign-Up:
https://app.labs.us.kennasecurity.com/signup?bugcrowd
DO NOT USE THE KENNA SECURITY SIGNUP PAGE WITHOUT ?bugcrowd IN THE URL.
Focus Areas:
Authentication and Authorization weaknesses.
Cross-account data leakage or unauthorized access
Stored/Reflected/DOM-based Cross-Site Scripting (XSS)
SQL Injection (SQLi)
Server-side Remote Code Execution (RCE)
Server-side Request Forgery (SSRF)
Broken access controls (insecure direct object references, etc.)
Out Of Scope:
Any testing/submissions against Kenna Security customer subdomains are strictly prohibited and not eligible for a reward.
Distributed Denial of Service
Social engineering/phishing attacks.
Third-Party Bugs
If issues reported to our bug bounty program affect a third-party library, external project, or another vendor, Kenna Security reserves the right to forward details of the issue to that party without further discussion with the researcher. We will do our best to coordinate and communicate with researchers through this process.
Coordinated Disclosure Guidelines
We will investigate legitimate reports and make every effort to quickly correct any vulnerability. To encourage responsible reporting, we will not take legal action against you nor ask law enforcement to investigate you provided you comply with the following guidelines:
Provide details of the vulnerability, including information needed to reproduce and validate the vulnerability and a Proof of Concept (POC).
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our services.
Do not modify or access data that does not belong to you.
Give Kenna Security a reasonable time to correct the issue before requesting an update or taking any additional action.