


Author Topic: Practo Bug Bounty  (Read 16118 times)

Angelina

Practo Bug Bounty
« on: July 26, 2023, 08:10:31 pm »
Submit bug report: https://www.practo.com/company/responsible-disclosure-policy

At Practo, we take safety and security of our customers’ data very seriously and stand guard to the trust put in us by our users.


We understand the importance and value of the role played by security researchers and ethical hackers in keeping the internet safe. Therefore, we support their responsible efforts in not only identifying potential vulnerabilities but also reporting them responsibly.


We urge you to review the Responsible Disclosure Policy before you test and/or report an issue with any of our applications. We assure you that Practo will never pursue any legal action against users who report the issues, as long as they follow these guidelines.


Who can participate in the program?
Anyone who doesn't work for Practo or partners of Practo who reports a unique security issue in scope and does not disclose it to a third party before we have patched and updated will be eligible to take part in this program.

Responsible Disclosure policy:
- Report your finding by writing to us directly at secure@practo.com without making any information public.
- We will respond as quickly as possible; this generally takes 24-48 hours.
- In the best interest of our customers and their data, please do not publicly disclose the issue until it has been addressed by Practo within a reasonable timeframe.
- In order to keep everyone safe, please act in good faith towards our users' privacy and data during your disclosure. We won't take legal action against you or administrative action against your account if you act accordingly.
- Make every effort to avoid privacy violations, disruption to production systems, degradation of user experience and destruction of data during security testing. This would include Brute Force, DoS, Spamming, Scraping, Social Engineering etc.

Reporting guidelines
Please include the following information when sending us the details:

- Operating System name and version.
- Client name and version.
- Plugin names and version installed in the client.
- Steps necessary to reproduce the vulnerability including any specific settings required to be reproduced (If this contains more than a few steps, please create a video so we can attempt to perform the same steps).
- A copy of the source code following your successful test.
- What is the impact of the issue?
- What are some scenarios where an attacker would be able to leverage this vulnerability?
- What would be your suggested fix?

Scope
- All subdomains of practo.com i.e. *.practo.com
- Practo mobile apps -- Android, iOS