Ensuring the security and integrity of the Twilio platform is critical to the service we provide to our customers. We are committed to providing a secure product and appreciate help from the community in responsibly identifying ways for us to improve Twilio. We will make an effort to respond as fast as possible.
If you would like to report abuse of SendGrid's service please see our spam/phish reporting page or email to abuse@sendgrid.com
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.
NOTE: If a submission falls under Secondary, Other or Sendgrid targets, and has a significant impact, bounty may be increased at Twilio’s discretion.
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.
Scope Type | Scope Name |
---|---|
android_application | Authy Android App |
api | api.twilio.com |
api | Twilio APIs |
api | api.sendgrid.com |
api | Twilio Verify - https://verify.twilio.com |
api | Twilio Authy API |
api | Twilio Authy Dashboard API |
ios_application | Authy iOS app |
undefined | Twilio Wireless |
undefined | Twilio Helper Libraries |
undefined | Twilio SDKs |
undefined | Twilio Console |
undefined | Authy Desktop app |
web_application | tsock.us1.twilio.com |
web_application | .sip..twilio.com |
web_application | Twilio WebRTC Client |
web_application | Twilio CDNs (static*.twilio.com) |
web_application | twilio.com/blog |
web_application | https://build.twilio.com/s/ |
web_application | https://app.sendgrid.com/ |
web_application | https://signup.sendgrid.com/ |
web_application | https://mc.sendgrid.com/ |
web_application | smtp.sendgrid.net |
web_application | https://sendgrid.com |
web_application | Twilio Authy - https://api.authy.com |
web_application | Any host/web property verified to be owned by Twilio |
Scope Type | Scope Name |
---|---|
undefined | Ytica and its assets |
undefined | TwimlBins |
undefined | All Kurento domains |
undefined | Third-party services used by SendGrid |
web_application | store.twilio.com |
web_application | Demo websites e.g. lab.authy.com |
web_application | twiliotraining.com |
web_application | www.twilio.com/labs |
web_application | www.twilio.com/quest |
web_application | surveys.twilio.com |
web_application | support.sendgrid.com |
web_application | status.sendgrid.com |
web_application | support.twilio.com |
web_application | s.signal.twilio.com |
web_application | ahoy-eloqua.twilio.com |
web_application | https://dashboard.authy.com |
web_application | issues-sendgrid.dev.twilio.com |
web_application | https://www.zipwhip.com/* |
This program can reward you in USD, up to 9500 $.
FireBounty © 2015-2024