30/10/2017

AlienVault

Welcome to AlienNation. We're on a mission to provide organizations throughout the universe with highly intelligent security that is affordable and simple to use.

To help out with our goals here at AlienVault, we look to our fellow security professionals inside and outside of the mother-ship. No technology is perfect after all, and AlienVault believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly. AlienVault will make a best effort to respond to incoming reports within 2 business days. We’ll try to keep you informed about our progress throughout the process.

Eligibility & Disclosure Policy

  • Follow HackerOne's disclosure guidelines.
  • Please provide detailed reports with reproducible steps.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.

Program Rules

  • Social engineering (e.g. phishing, vishing, smishing) is prohibited.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Scope

For now, only the following properties are in scope. We are starting small and will scale up over time. Keep an eye open for when we expand to further our domain testing and product testing.

  • www.alienvault.com - The actual website for AlienVault itself.
  • update.alienvault.com - Update server for alienvault product.
  • data.alienvault.com - This is used for licenses and USM5 updates.
  • threatcrowd.org - Search engine for threats.
  • staging.alienvault.com - Utilized for demo staging.

Out of Scope

The following items are out of scope for the time being, and AlienVault does not wish to receive reports on them.

When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope:

  • Clickjacking on pages with no sensitive actions.
  • Unauthenticated/logout/login CSRF.
  • Attacks requiring MITM or physical access to a user's device.
  • Previously known vulnerable libraries without a working Proof of Concept.
  • Comma Separated Values (CSV) injection without demonstrating a vulnerability.
  • Missing best practices in SSL/TLS configuration.
  • Any activity that could lead to the disruption of our service (DoS).
  • Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS.

Small note

otx.alienvault.com is out of scope, but if you explore it anyway, please take note: while testing the otx.alienvault.com site, if you visit a threat feed while using Burp Suite or another web crawler that searches for links, the crawler will make requests to malicious links and may download malware. Thank you, swelcher, for pointing this out.

Thank you for helping keep AlienVault and our users safe! And thank you again for your contributions to a safer and more secure community.

In Scope

Scope Type        Scope Name
web_application   data.alienvault.com
web_application   www.alienvault.com
web_application   www.threatcrowd.org
web_application   update.alienvault.com
web_application   staging.alienvault.com

Out of Scope

Scope Type        Scope Name
web_application   messages.alienvault.com
web_application   vpn.alienvault.com
web_application   support.alienvault.com
web_application   www.alienvault.com/accounts*
web_application   https://www.alienvault.com/accounts*
web_application   www.alienvault.com/forums*
web_application   otx.alienvault.com
web_application   learn.alienvault.com
web_application   cdn.alienvault.com
web_application   calendar.alienvault.com
web_application   Dwhtools.alienvault..com
web_application   updates.alienvault.com
web_application   Avts.alienvault.com
web_application   devel.alienvault.com
web_application   alpha.alienvault.com
web_application   Avmtci.alienvault.com
web_application   Mktintsecure.alienvault.com
web_application   Avmtvpn.alienvault.com
web_application   demo.alienvault.com
web_application   www.alienvault.com


The program was crawled by Firebounty on 2017-10-30 and updated on 2019-08-03; 76 reports have been received so far.
