45466 policies in database
Link to program      
2016-12-21
2019-07-14
OWASP Java Encoder logo
Thank
Gift
HOF
Reward

OWASP Java Encoder

OWASP supports many volunteers efforts to produce security libraries which at the same time are used by many companies and developers, in order to secure their applications. This bounty program for Java Encoder project run by OWASP is to determine the protection level claimed by the library and verify that indeed the protected application is not vulnerable to XSS attacks when using the library.

The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage.

Rewards

OWASP may provide rewards to eligible reporters of qualifying vulnerabilities. Our minimum reward is reputational points. The following table outlines the usual minimum rewards for specific classes of vulnerabilities for in-scope properties (see section on Scope).

Getting Started Guide

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.

In Scope

Scope Type Scope Name
web_application

https://github.com/OWASP/OWASPBugBounty/tree/master/JavaEncoder

web_application

https://github.com/OWASP/OWASPBugBounty/tree/master/JavaEncoder/war-files


This program feature scope type like web_application.

FireBounty © 2015-2024

Legal notices | Privacy policy