30/10/2017

In Scope

Scope Type Scope Name
other USM Anywhere
other USM Anywhere is our web application SaaS offering.
web_application data.alienvault.com
web_application www.alienvault.com
web_application www.threatcrowd.org
web_application update.alienvault.com
web_application staging.alienvault.com
web_application This is used for our licenses and updates to the USM5

Out of Scope

Scope Type Scope Name
other OSSIM
other USM Appliance
other OSSIM Is our open source solution
other USM Appliance is our on premises solution.
web_application messages.alienvault.com
web_application vpn.alienvault.com
web_application support.alienvault.com
web_application www.alienvault.com/accounts*
web_application https://www.alienvault.com/accounts*
web_application www.alienvault.com/forums*
web_application otx.alienvault.com
web_application learn.alienvault.com
web_application cdn.alienvault.com
web_application calendar.alienvault.com
web_application Dwhtools.alienvault..com
web_application updates.alienvault.com
web_application Avts.alienvault.com
web_application devel.alienvault.com
web_application alpha.alienvault.com
web_application Avmtci.alienvault.com
web_application Mktintsecure.alienvault.com
web_application Avmtvpn.alienvault.com
web_application demo.alienvault.com
web_application Hackers are invited to create accounts to test on this portion of the alienvault.com site.
web_application This asset I'd like to be tested for penetration at a later date.
web_application SFTP site for customer uploads, please refrain from attempting to decrypt any encrypted data/content.
web_application Items under this domain are associated with vanilla forums. Alienvault plans to move away from using vanilla forums and so does not wish to fix these issues for the time being.
web_application Items under this domain are associated with vanilla forums. Alienvault plans to move away from using vanilla forums and so does not wish to fix these issues for the time being.
web_application I've removed this item from scope, but please accept any reports that come in for the next 2 weeks
web_application www.alienvault.com
web_application Not ready to add to scope yet
web_application I need further content before we start testing on this asset.
web_application Not ready to add to scope yet
web_application Not ready to add to scope yet
web_application Not ready to add to scope yet
web_application This is a live demo version of our actual product, we are not ready to start external vulnerability/hack hunting on it yet.

AlienVault

Welcome to AlienNation. We're on a mission to provide organizations throughout the universe with highly intelligent security that is affordable and simple to use.

To help out with our goals here at AlienVault, we look to our fellow security professionals inside and outside of the mother-ship. No technology is perfect after all, and AlienVault believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly. AlienVault will make a best effort to respond to incoming reports within 2 business days. We’ll try to keep you informed about our progress throughout the process.

Eligibility & Disclosure Policy

  • Follow HackerOne's disclosure guidelines.
  • Please provide detailed reports with reproducible steps.
  • Submit one vulnerability per report, unless you need to chain vulnerabilities to provide impact.

Program Rules

  • Social engineering (e.g. phishing, vishing, smishing) is prohibited.
  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Scope

For now, only the following properties are in scope. We are starting small and will scale up over time. Keep an eye open for when we expand to further our domain testing and product testing.

  • www.alienvault.com - The actual website for alienvault itself.
  • update.alienvault.com - Update server for alienvault product.
  • data.alienvault.com - This is used for licenses and USM5 updates.
  • threatcrowd.org - Search engine for threats.
  • staging.alienvault.com - Utilized for demo staging.

Out of Scope

Following items are out of scope for the time being and Alienvault does not wish to receive reports on them.

When reporting vulnerabilities, please consider (1) attack scenario / exploitability, and (2) security impact of the bug. The following issues are considered out of scope:

  • Clickjacking on pages with no sensitive actions.
  • Unauthenticated/logout/login CSRF.
  • Attacks requiring MITM or physical access to a user's device.
  • Previously known vulnerable libraries without a working Proof of Concept.
  • Comma Separated Values (CSV) injection without demonstrating a vulnerability.
  • Missing best practices in SSL/TLS configuration.
  • Any activity that could lead to the disruption of our service (DoS).
  • Content spoofing and text injection issues without showing an attack vector/without being able to modify HTML/CSS

Small note

Otx.alienvault.com is out of scope, but in the case you are exploring please take note. While testing the otx.alienvault.com site, if you visit a threat feed and are using Burp Suite or some other web crawler searching for links, your web crawler will make requests to malicious links and potentially download malware. Thank you swelcher for pointing this out.

Thank you for helping keep AlienVault and our users safe! And thank you again for your contributions to a safer and more secure community.
