45466 policies in database
Link to program      
2015-06-30
2018-06-05
Asana logo
Thank
Gift
HOF
Reward

Reward

150 $ 

Asana

No technology is perfect and Asana believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. We are excited for you to participate as a security researcher in order to identify weaknesses in our web apps. If you believe you've found a security issue, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

Asana uses a nonce based CSP policy. If you discover an XSS vulnerability that you cannot exploit due to the CSP policy, but would at least be a P4 without the CSP policy present, we will reward that vulnerability as if it was a P4.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

In Scope

Scope Type Scope Name
android_application

Asana Android app

ios_application

Asana iOS app

undefined

Asana Desktop App

web_application

app.asana.com

web_application

asana.com

web_application

*.asana.plus

web_application

*.asana.biz

web_application

form.asana.com

web_application

*.app.asana.com

Out of Scope

Scope Type Scope Name
undefined

Social engineering against Asana Support

web_application

Other subdomains of asana.com


This program crawled on the 2015-06-30 is sorted as bounty.

FireBounty © 2015-2024

Legal notices | Privacy policy