


Author Topic: Geckoboard Bug Bounty  (Read 13309 times)

Angelina

Geckoboard Bug Bounty
« on: June 14, 2023, 07:11:51 pm »
Submit bug report: https://support.geckoboard.com/en/articles/6055718-report-a-security-vulnerability-and-responsible-disclosure-policies

Report a security vulnerability and responsible disclosure policies
Your input and feedback on our security is always appreciated.
Updated over a week ago
We welcome reports from security researchers and experts about possible security vulnerabilities with our service. We're particularly interested in hearing about vulnerabilities that impact the confidentiality or integrity of user information or systems, and have the potential to impact a large number of people.

 

Scope
The only target in scope is app.geckoboard.com, and any HTTP requests made from that subdomain (i.e. to management.geckoboard.com). All other Geckoboard domains such as www.geckoboard.com, community.geckoboard.com, support.geckoboard.com, etc. are out of scope.

 

Responsible disclosure policies
Geckoboard aims to keep its service safe for everyone, and data security is of utmost priority. If you're a security researcher and have discovered a security vulnerability in the service, we appreciate your help in disclosing it to us in a responsible manner. In return we promise to investigate reports promptly.

 

While we encourage you to discover and report to us any vulnerabilities you find in a responsible manner, the following conduct is expressly prohibited:

Performing actions that may negatively affect Geckoboard or its users (e.g. Spam, Brute Force, Denial of Service, etc.).

Accessing, or attempting to access, data or information that does not belong to you. If you want to test cross-account access please sign up for additional trial accounts.

Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.

Performing automated vulnerability scans.

Attempting non-technical attacks such as social engineering, phishing, or physical attacks against our employees, users, or infrastructure.

Other important responsible disclosure policies to make note of:
The target URL is the same used by our customers. Please keep this in mind and act accordingly.

No attacks against Geckoboard's existing user base.

No phishing.

No DDoS attacks.

This is Geckoboard's primary production environment. We accept valid PoCs of app-level Denial of Service vulnerabilities, but PoCs that intentionally stress or risk the availability of our services will be considered an abuse.

Do not create more than 2 accounts as part of your testing. Failure to comply may result in your account access being blocked.

When in doubt, contact us.