46829 policies in database
Link to program      
2018-04-13
2019-08-07
JamieWeb logo
Thank
Gift
HOF
Reward

JamieWeb

Please note that this program does not offer rewards for bug submissions as JamieWeb is just a small personal project.

This disclosure program is limited to assets in the scope found at the bottom of this page.

Things To Look For

  • Web application vulnerabilities (Command Injection, SSRF, CSRF, XSS, etc)

  • Security misconfigurations

  • Suggested security improvements

  • Information leakage

  • Multi-byte/binary exploitation

  • Tor Hidden Service de-anonymization

  • Security header configurations

  • Content Security Policy (CSP) bypass

  • DNS record configuration (SPF, DKIM, DMARC, CAA, etc)

  • TLS configuration

  • Code security audit/review

  • Software that is more than 24 hours out of date

  • Etc...

Feel free to use automated tools as long as you do not cause network/service disruption for me or third-parties.

Testing must not cause issues for other organisations such as hosting providers, network operators or ISPs (e.g. Cloudflare).

Disclosure Policy

  • Let me know of any potential vulnerabilities as soon as possible and I will make every effort to resolve the issue quickly.

  • Share with me the full details of any vulnerability including steps to reproduce if applicable.

  • Provide me a reasonable amount of time to fix the issue before disclosure to the public or a third-party.

  • Try to avoid degradation of service, destruction of data or privacy violations.

I will make every effort to abide by HackerOne's disclosure guidelines: https://hackerone.com/disclosure-guidelines

Exclusions

While researching, please do not attempt the following:

  • Denial of service (DoS)

  • Spamming

  • Phishing

  • Spoofing or hijacking

  • Man in the Middle (MitM) or interception

  • Attacks which require physical presence on the network of a user

  • Domain name hijacking or theft

  • Account hijacking or theft

  • Cybersquatting

  • Social engineering

  • Physical/real-life attacks

  • Anything that could falsely lower the reputation of me or my website

  • Anything that could falsely get me in trouble

  • Attacks on 3rd-party systems that are out of my general control

Rewards

  • Thank you shown at "https://hackerone.com/jamieweb/thanks".

Please note that this program does not provide monetary rewards for bug submissions.

Researchers who submit non-issues, false issues or purely opinion-based issues may not be thanked publicly.

Thank you for helping keep JamieWeb safe!

In Scope

Scope Type Scope Name
web_application

acme-validation.jamieweb.net

web_application

ipv6.jamieweb.net

web_application

ipv4.jamieweb.net

web_application

jamieweb.net

web_application

jamie3vkiwibfiwucd6vxijskbhpjdyajmzeor4mc4i7yopvpo4p7cyd.onion

web_application

jamiewebgbelqfno.onion

web_application

nyc01.jamieweb.net

web_application

ldn01.jamieweb.net

web_application

www.jamieweb.net

web_application

https://gitlab.com/jamieweb/results-whitelist

web_application

https://gitlab.com/jamieweb/jamieweb

web_application

https://gitlab.com/jamieweb/jw-config

web_application

https://gitlab.com/jamieweb/web-server-log-anonymizer-bloom-filter

web_application

https://gitlab.com/jamieweb/dl-integrity-verify

web_application

139.162.222.67

web_application

2a01:7e00::f03c:91ff:fec6:27a3

web_application

157.230.83.95

web_application

2604:a880:400:d1::aad:8001

Out of Scope

Scope Type Scope Name
other

3rd Party Email Servers in my MX Records

web_application

status.jamieweb.net


Firebounty have crawled on 2018-04-13 the program JamieWeb on the platform Hackerone.

FireBounty © 2015-2024

Legal notices | Privacy policy