Genasys Technologies provides insurance software solutions for various types of companies in the insurance space. All our software is developed in-house. Our strategy is to expose our back-end system through a growing set of API endpoints. Moving from private networks to the public internet introduces new risks. If you believe you've found a security issue in our products, we encourage you to notify us.
While researching, we'd like to ask you to refrain from:
The following items are considered out-of-scope:
We are most interested in security faults within our custom applications and web services. For this reason, there is no WAF or rate limiting and our API documentation is published.
System users have access to SKi API and 4Web, a web application for insurers, brokers and agents to process policy sales and claims. Different users have different privileges based on an RBAC security model.
In order to access these applications, you can create your own system user at https://staging.genasystech.co.uk/CreateBrokerAccount/. Note that this utility itself is not in scope for testing, but we would be interested if injected values cause issues in any in-scope applications.
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
We appreciate your efforts in helping us protect our clients' data.
|Scope Type||Scope Name|
This program, crawled on 2019-11-26, is sorted as bounty.