follow us on twitter . like us on facebook . follow us on instagram . subscribe to our youtube channel . announcements on telegram channel . ask urgent question ONLY . Subscribe to our reddit



Recent Posts

Pages: 1 [2] 3 4 ... 10
11
Bug bounty programs / Kayak Bug Bounty
« Last post by Angelina on September 20, 2023, 06:57:48 PM »
submit bug report: https://www.kayak.co.in/security

We are committed to ensuring the privacy and safety of our users. If you think that you have discovered a security vulnerability on our web site or within our mobile apps, we appreciate your help in disclosing the issue to us. Please do this responsibly by giving us the opportunity to investigate and fix the vulnerability in a timely fashion before publicly disclosing it. Security vulnerability reports will be treated as high priority. We will validate and fix vulnerabilities in accordance with our commitment to security and privacy.

Please provide the following details to help us address and resolve your findings:

Describe the vulnerability (e.g., XSS on hotel results page) you have discovered and if possible, share instructions to help us reproduce it.
Tell us about your environment (e.g., browser product and version, operating system, mobile app platform, app version, device model).
If possible, attach a screenshot.
Send all information to [email protected].
Exceptions from this Policy
General questions related to KAYAK are handled by our Customer Support team – for questions, comments or feedback, click here.
12
Bug bounty programs / Ian Dunn Bug Bounty
« Last post by Angelina on September 20, 2023, 06:56:30 PM »
submit bug report: https://hackerone.com/iandunn-projects?type=team

Scope
I'm a developer, so I'm mostly interested in source code bugs, rather than network intrusions. Reports must meet these criteria to be accepted:
It must show tangible/practical security implications. Theoretical scenarios and missing best practices aren't worth the time.
It must include a PoC with complete steps to reproduce.
It must have a medium or higher severity; low severity issues just aren't worth the time (unless they can be chained together to create a higher severity vulnerability).
It must not be mentioned in the Scope Exclusions section.
Reports that don't meet those criteria will be marked as Not Applicable.
Top Targets
Compassionate Comments
Regolith
Quick Navigation Interface
There are more targets listed in the In Scope section below.
Bounties
Severity   Award
High   $100 - $400
Medium   $25-50
Low   $0
Severity is based on CVSS 3, but may be adjusted up or down at my discretion. For example, a vulnerability in a plugin with 10,000 active installations may be higher than a vulnerability in a plugin with 100 active installations.
Scope Exclusions / Common Invalid Reports
My personal website is not in scope. It's not important, and the constant pentesting is annoying.
Common false reports listed on WordPress' Reporting Security Vulnerabilities page. I don't consider usernames sensitive enough to be information disclosure.
Brute force, DoS (including XML-RPC and load-scripts.php), phishing, text injection, or social engineering attacks.
Output from automated scans - please manually verify issues and include a valid proof of concept.
Clickjacking with minimal security implications
Lack of HTTP/MX security headers (CSP, X-XSS, SPF, DMARC, DKIM, etc.)
Mixed content warnings for passive assets like images and videos
Theoretical vulnerabilities where you can't demonstrate a significant security impact with a PoC.
Rare or low-severity edge cases: Like regular bugs, not all security bugs are worth fixing. Some edge cases may be closed as Informative. For example, CEMI attacks using standard trigger characters (like #151516) are welcome, but characters that only work in Excel, or only in old versions of software, etc are not accepted (see #124223).
Invalid reports will be disclosed in order to help other researchers and programs learn from them.
13
Bug bounty programs / Grofers Bug Bounty
« Last post by Angelina on September 20, 2023, 06:55:07 PM »
submit bug report: https://blinkit.com/security

Help keep Blinkit safe for the community by disclosing security issues to us
We take security seriously at Blinkit. If you are a security researcher or expert, and believe you’ve identified security-related issues with Blinkit's website or apps, we would appreciate you disclosing it to us responsibly.

Our team is committed to addressing all security issues in a responsible and timely manner, and ask the security community to give us the opportunity to do so before disclosing them publicly. Please submit a bug to us on our HackerOne page, along with a detailed description of the issue and steps to reproduce it, if any. We trust the security community to make every effort to protect our users data and privacy.

For a list of researchers who have helped us address security issues, please visit our HackerOne page.

Submit the bugs to us on our HackerOne page, along with a detailed description of the issue and steps to reproduce it.
14
Bug bounty programs / GoCd Bug Bounty
« Last post by Angelina on September 20, 2023, 06:54:10 PM »
submit bug report: https://github.com/gocd/gocd

Note: There is no bounty program or swag in place for this.
No technology is perfect, and GoCD believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Disclosure Policy
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
In scope
Your own GoCD installation
SQL injection
Remote code execution
Cross-site scripting
Cross-site request forgery
Directory Traversal
Information Disclosure
Privilege escalation
Other things that would obviously leave user data vulnerable
Out of scope
Public websites (https://*.gocd.org)
Submitting test data to our public websites (https://*.gocd.org/*)
GoCD instances of third parties
Denial of service
Spamming
Social engineering (including phishing) of GoCD staff or contractors
Any physical attempts against GoCD property or data centers
NOTE: PLEASE do not report clickjacking on www.gocd.org. It's hosted by GitHub Pages and we have no control over it, to change X-FRAME-OPTIONS.
Thank you for helping keep GoCD and our users safe!
NOTE
We have experimental/nightly releases on our website at
https://www.gocd.org/download/?experimental=true
We recommend using these while testing to avoid reporting duplicates.
15
Bug bounty programs / GeoTab Bug Bounty
« Last post by Angelina on September 20, 2023, 06:53:24 PM »
submit bug report: https://www.geotab.com/security/

Geotab’s security policy
Geotab takes a rigorous approach to information security following the principle of continuous improvement. To protect ourselves, our customers and partners, Geotab is constantly reviewing, improving and validating our security mechanisms and processes to ensure our systems remain resilient to intrusion and disaster. Geotab also collaborates with leading stakeholders to advance security across the industry. As we grow, more industries, fleets and customers will benefit from Geotab’s uncompromising stance on information security.

Compliance
Geotab demonstrates our commitment to information security and data protection through validation of our system and processes. Compliance certifications and authorizations:

•ISO/IEC 27001:2013 Information Security Management System

•FedRAMP Authorized for Geotab cloud-based telematics platform

•FIPS 140-2 validation for the Geotab GO device cryptographic library

•Cyber Essentials Certificate

Cybersecurity
Cybersecurity is an essential part of your business, now more than ever. Learn data security best practices for executives. Get information on cybersecurity notifications and standards to help mitigate cyber risk.


Customer data privacy
Geotab provides its customers with an industry-leading, open platform fleet management solution for collecting and analyzing vehicle and fleet data. With Geotab, customers have power and control over their own data. Although the Geotab platform does not require personal data, nevertheless, some customers may choose to include personal data (also called personally identifiable information or PII), such as driver-specific data, to help achieve additional business goals.

Maintaining the privacy of customers’ data is an important priority of Geotab’s data management activities. As a data processor, Geotab implements and maintains technical and organizational measures designed to keep customer data secure and private. Individual customer data is processed according to the customer’s instructions and chosen settings that enable the proper functioning of the solution and its ongoing improvement. Geotab has carefully controlled and audited access to personal data in a customers’ database in the event that the customer needs support on their data for safety or troubleshooting.

Vulnerability responsible disclosure
Geotab takes security and transparency very seriously and we appreciate the ongoing efforts of Individuals or entities who study security and/or security vulnerabilities. To better serve security researchers, Geotab has developed a program to make it easier to report vulnerabilities and to recognize those researchers for their effort to make the Internet a safer place. This policy provides Geotab’s guidelines for reporting vulnerabilities to Geotab.

If you believe you have found a security vulnerability that could impact Geotab or our customers, we encourage you to let us know right away. We will investigate all legitimate reports and do what is required to fix the problem as soon as possible. We ask that all researchers follow our Vulnerability Disclosure Policy and make a good faith effort to avoid privacy violations, destruction of data and interruption of services during your research.
16
Bug bounty programs / Garmin Bug Bounty
« Last post by Angelina on September 20, 2023, 06:51:25 PM »
submit bug report: https://www.garmin.com/en-US/legal/security/

Keeping Data Safe at Garmin
Garmin aims to keep its products, apps and websites safe for everyone, and data security is very important to us. To that end, here’s some information about the measures Garmin takes to secure data.

Garmin’s Responsible Disclosure Policy
Data security is a priority at Garmin. If you are a security researcher or Garmin customer and think you’ve found a security issue or vulnerability, we appreciate your help in disclosing it to us in a responsible manner. Please don’t access or modify data without permission, and act in good faith not to degrade the performance of our products, apps and websites.

If you believe you have discovered a vulnerability or have a security incident to report, let us know. Please include a detailed description of the possible vulnerability and an email address where we can reach you in case we need more information.

We appreciate your help in making Garmin products, apps and websites secure. We'd also like to thank all those who have already reported security issues.

REPORT A SECURITY ISSUE
View, Export or Delete Your Data
View the information Garmin maintains about your account, registered devices, mobile apps and more. You can request a copy of it or ask us to delete it.

MANAGE YOUR DATA
Get Help with a Product
Our product experts can help you get back on track with relevant answers and solutions.

VISIT SUPPORT CENTER
Frequently Asked Questions about Garmin Security
What does Garmin do to try to prevent and resolve security issues?
Garmin has dedicated security personnel who are armed with an array of security tools that protect and monitor for threats 24/7. Security personnel work closely with teams throughout Garmin in an effort to keep products, apps and websites safe. Members of the Garmin team are also continually keeping our servers up to date with security patches and operating system updates.

How is my personal data protected?
Garmin uses a variety of safeguards, personnel and processes that form defense in depth barriers to protect your data.. Garmin continuously evaluates our security posture to further enhance the security of your data.

What access do third parties have to my personal data?
Please review our Privacy Statement to read about the ways your personal data may be shared with third parties.
17
Bug bounty programs / Trellix Bug Bounty
« Last post by Angelina on September 20, 2023, 06:50:16 PM »
submit bug report: https://supportm.trellix.com/webcenter/portal/supportportal/pages_home


Knowledge
Center
Explore the knowledge center for content related to your product.


Updates &
Downloads
Obtain product updates, hotfixes and downloads and manage product licensing.


Support
Tools
Run WebMER or other diagnostic tools to help solve problems.

Additional Product & Support Resources
Support Community
Product Downloads
Product Documentation
Product End of Life (EOL)
   

Log In
Register
Announcements
   Submit a Sample is currently unavailable.
 
(9/14/2023)
Submit a Sample is currently unavailable. Our IT team is aware of the issue and they are working to resolve it. We apologize for any inconvenience.

   Trellix EDR logon domain name change to trellix.com
 
   Trellix Rebranding of Enterprise Product Names
 
   End of Life for the Trellix Enterprise Support mobile app
 
   The URL to access Cloud Services changed on January 17th
 
   Skyhigh Security Product Documentation
 

Featured Products:
Endpoint Security
System Requirements:
Windows Linux Mac OS
Resources:
FAQs
Product Downloads, Hotfixes and Updates
Endpoint Security Community
Support Notification Service
ePolicy Orchestrator
System Requirements:
ePO 5.x
Resources:
FAQs
Product Downloads, Hotfixes and Updates
ePolicy Orchestrator Community
Support Notification Service
SIEM Enterprise Security Manager
System Requirements:
ESM 11.x.x, 10.x.x
Resources:
Product Downloads, Hotfixes and Updates
SIEM Community
Support Notification Service
Data Loss Prevention Endpoint
System Requirements:
DLP 11.x
Resources:
Product Downloads, Hotfixes and Updates
Data Loss Prevention Endpoint Community
Support Notification Service
Application Control
System Requirements:
MACC 8.x, 7.x and 6.x
Additional Resources:
Product Downloads, Hotfixes and Updates
Application Control Community
Support Notification Service
Advanced Threat Defense
System Requirements:
ATD 4.x
Additional Resources:
Product Downloads, Hotfixes and Updates
Advanced Threat Defense Community
Support Notification Service
Threat Intelligence Exchange
System Requirements:
TIE 3.x and 2.x
Resources:
Product Downloads, Hotfixes and Updates
Threat Intelligence Exchange Community
Support Notification Service
18
Bug bounty programs / Firebase Bug Bounty
« Last post by Angelina on September 20, 2023, 06:49:16 PM »
submit bug report: https://firebase.google.com/support

Pick a category

Bugs and Features
File Bug Reports and Feature Requests here.

Accounts & projects
Trouble accessing an account or project

Billing
I have a billing question

Push Notification issues
Firebase Cloud Messaging

Analytics help
Google Analytics for Firebase

Database issues
Cloud Firestore or Realtime Database issues

Information
View the Firebase ToS, FAQ, & other information

Pick a different product
My issue is with a specific Firebase product.

GCP support
I have a GCP support plan.

Report spam, malware, or phishing
I would like to report spam, malware, or phishing
19
Bug bounty programs / Files Bug Bounty
« Last post by Angelina on September 20, 2023, 06:47:29 PM »
submit bug report: https://www.files.com/

Here at Files.com, we celebrate security and we encourage independent security researchers to help us keep our products secure.
We offer a Security Bug Bounty Program (the "Program") to create an incentive and reward structure so that researchers are able to devote resources to working on Files.com.
We will pay $100 to $10,000, at our discretion, to any researcher who discovers a significant security vulnerability in Files.com. We pay quickly and fairly, every time, as long as you follow our rules.
If you've found a vulnerability or would like to perform security research against Files.com, please read through the rules below.
NOTE: Testing is only authorized on the targets listed as In-Scope. Any domain/property of Files.com or Action Verb LLC (the owner and operator of Files.com) not listed in the targets section is out of scope. This includes any/all subdomains not listed in the In-Scope section.
Reports We Are Looking For
We want to know about anything about our platform that poses a significant security vulnerability to either us or our customers.
These can include:
Privilege Escalation
Authentication Bypass
Leakage of Sensitive Data
Remote Code Execution
SQL Injection
Cross-Site Request Forgery (XSRF)
Cross-Site Scripting (XSS)
Code Injection
... and more!
On the marketing site asset (https://www.files.com) we are looking for vulnerabilities that lead to a vulnerability on the actual *.files.com platform.
Bug Bounty Program Requirements
To participate in our program, you must create trial account on our platform by navigating to Files.com.com and clicking the button to start a Free Trial. That Trial sign up process will create the 'your-assigned-subdomain.files.com' URL to be used for testing.
VERY IMPORTANT: Your account must include the phrase "[BUGBOUNTY]" in the "Company Name" used when registering. (Without the quotes, no space between the two words, but with square brackets.)
Here is an example of the values to use in the Trial sign up form:
Company name: [BUGBOUNTY] Trial Company
Phone Number: 555-555-5555
Work email: [email protected]
Password: Pa55w0rd
Absolutely do not under any circumstances input payment card information (credit card or debit card) or make a payment unless you intend to pay the charge in full. If you properly tag your account as a [BUGBOUNTY] site by following the directions above, we will not prompt you for payment during your testing period.
Failure to abide by the above will result in your full disqualification from this program.
Additional Rules:
Do not create more than four trial accounts within a 60-day period for the purpose of conducting security research against our platform.
Do not attempt to gain access to another user's account or data.
Do not impact other users with your testing.
Do not perform any attack that could harm the reliability/integrity of our services or data. DDoS/spam attacks are not allowed.
Do not publicly disclose a bug either before or after it has been fixed. Public disclosure means disclosure to anyone, even on private "Hacker" websites and forums.
Do not attempt non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.
Do not upload information about the vulnerability to any site you do not directly own. This includes uploading videos to YouTube, Vimeo, etc, even if marked private.
Any scanners or automated tools used to find vulnerabilities need to be rate limited.
Decisions made by us regarding the eligibility of submissions are final. Do not write back to dispute a decision.
You are expected to be 100% professional and pleasant to work with via E-Mail.
Reports That Do Not Qualify
The following types of reports do not qualify and will not pay a bounty.
Anything related to billing, pricing, ability to get "free" service, ability to not be charged for certain types of usage, etc. Our billing is all manually reviewed and none of these things are a problem in practice.
Reports related to actual authenticated Site Admins being able use their position as Site Admin to attack other users by using sitewide administration features.
Vulnerabilities that only affect outdated or unpatched browser/plugin versions.
Vulnerabilities requiring exceedingly unlikely user interaction.
Vulnerabilities, such as timing attacks, that prove the existence of a user or site.
Vulnerabilities requiring social or physical attacks.
Reports related to denial of service attacks or DNSsec.
Insecure cookie settings for non-sensitive cookies.
Reports related to HTTP Digest authentication being better than HTTP Basic (it isn't)
Reports related to password strength requirements
Disclosure of public information and information that does not present significant risk.
Vulnerabilities that have already been submitted by another user, that we are already aware of, or that have been classified as ineligible.
Scripting or other automation and brute forcing of intended functionality.
Issues that we can't understand or reproduce.
Vulnerabilities that involve running local code to modify or manipulate the desktop application on Windows or Mac.
Reports related to the Quarantine feature on Mac.
Commonly False Positive Reports
Files.com is an FTP, SFTP, and WebDAV hosting service. Obviously this means that we will have an open FTP server on port 21, SFTP on port 22, and it means that our servers respond to DAV verbs.
EXIF Geolocation data not being stripped. Files.com does not alter uploaded content in any way. Users are free to upload and share content any way they want.
Files.com offers the ability to make a folder publicly hosted at https://subdomain.hosted-by-files.com/folder_name/. This hosting mode is intended to be full-featured web hosting just like any other web hosting provider, meaning that the ability to serve full websites with Javascript is intended. This means that you can upload malicious Javascript to that folder and have it be served. That's intentional. In order for an XSS attack related to public hosting to be in scope, it needs to relate to one Files.com customer attacking another customer, rather than attacking itself.
Important Terms
We aim to pay bounties as quickly as possible and will pay bounties sometimes before the issue is patched. Therefore, we require that you do not disclose any vulnerability publicly, either before or after the bounty is paid.
If paid a bounty, you may disclose that you received a bounty, but you may not disclose the amount or any information related to the type of vulnerability you found. Under no other circumstances may you disclose anything about your participation in this program.
You are still bound by the Terms of Service you agreed to upon signup for your Trial account. Please read and understand this document as it affects your rights.
To Report a Vulnerability
To report a vulnerability, first re-read this entire page to be sure that you understand the terms. We may refuse to pay bounties if you violate the terms on this page, even if we act on the submission.
We will respond as quickly as possible to your submission.
20
Bug bounty programs / Silverstreet Bug Bounty
« Last post by Angelina on July 31, 2023, 06:03:35 PM »
submit bug report: https://www.silverstreet.com/

You create the message
we handle the delivery
Connect with anybody, anytime, anywhere. We offer programmable SMS, AI Messaging, 2FA, and Omnichannel communication platforms for you as tools to boost your business. Integrate with our easy-to-use API and benefit from our 24/7 support and global network coverage.


Twizo Communicate
Customise your campaign with a few clicks.


Twizo Authenticate
Protect your customer data with Two Factors Authentication.


SMS
Send SMS in large quantities through the highest quality routes in a fast, scalable and cost effective way.


Number Lookup
Check the operator before sending to perform a better cost effective campaign.

 
Number Lookup
Mobile Number Portability (MNP) is now a worry of the past.

Protect your service and your customers by preventing fraud and security breaches through the use of Number Lookup.

LEARN MORE
 
Twizo Authenticate
Security Authentication - Quick Integration, Many Solutions.

Twizo makes online security simple through easy integration and a variety of authentication solutions. We serve customers globally allowing them to scale their businesses while we worry about their security.

LEARN MORE
 
Twizo Communicate
Seamlessly navigate through our services.

Our cloud based mobile communicator provides you with access to all of our features to manage your campaign, engage with your customers and track the results of your efforts.

LEARN MORE
 
SMS
A powerful way to communicate with your customers on a global scale.

Our API enables you to send SMS in large quantities through the highest quality routes in a fast, scalable and cost effective way. A powerful tool to communicate with your customers across the globe.

LEARN MORE
 
Number Lookup
Pages: 1 [2] 3 4 ... 10