Cybrary invites you to help test and secure their career development platform! Cybrary is a cybersecurity and IT workforce development platform. Its ecosystem of people, companies, content, and technologies converge to create an ever-growing catalog of online courses and experiential tools that provide IT and cybersecurity learning opportunities to anyone, anywhere, anytime.

Good luck and happy hunting!

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use theBugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher - along with the opportunity to appeal, and make a case for a higher priority.

This program only awards points for VRT based submissions.

Targets

In scope

Target name | Type
---|---
www.cybrary.it/* | Website Testing
app.cybrary.it/* | Website Testing
iOS App | iOS
Android App | Android
api-auth.cybrary.it/* | API Testing
api-courses.cybrary.it/* | API Testing

Testing is only authorized on the targets listed as In-Scope. Any domain/property of Cybrary not listed in the targets section is out of scope. This includes any/all subdomains not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to support@bugcrowd.com before submitting.

Access:

Free accounts are available via self-signup.

Focus Areas

• Are you able to view user data that doesn't belong to you?
• Are you able to privilege escalate your account?

The following items are excluded from the program

• Rating Limiting
• Denial of Service

Safe Harbor:

When conducting vulnerability research according to this policy, we consider this research to be:

• Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
• Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
• Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
• Lawful, helpful to the overall security of the Internet, and conducted in good faith.
• You are expected, as always, to comply with all applicable laws.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via support@bugcrowd.com before going any further.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

Learn more about Bugcrowd’s VRT.