2016-12-21
2019-07-14
Thank
Gift
HOF
Reward

OWASP Java Encoder

OWASP supports many volunteer efforts to produce security libraries, which are in turn used by many companies and developers to secure their applications. This bounty program, run by OWASP for the Java Encoder project, aims to test the protection level the library claims and to verify that an application protected by the library is in fact not vulnerable to XSS attacks.

The OWASP Java Encoder is a simple-to-use, drop-in, high-performance encoder class for Java 1.5+ with no dependencies and little baggage.

Rewards

OWASP may provide rewards to eligible reporters of qualifying vulnerabilities. Our minimum reward is reputational points. The following table outlines the usual minimum rewards for specific classes of vulnerabilities for in-scope properties (see section on Scope).

Getting Started Guide

Scope

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.

In Scope

Scope Type | Scope Name
web_application | https://github.com/OWASP/OWASPBugBounty/tree/master/JavaEncoder
web_application | https://github.com/OWASP/OWASPBugBounty/tree/master/JavaEncoder/war-files


This program features the scope type web_application.
