Banner object (1)

Hack and Take the Cash !

722 bounties in database
06/01/2017
Alvosec logo

Reward

Alvosec

No technology is perfect, and Alvosec believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.

Disclosure Policy

  • OUR MAIN GOAL IS TO PROTECT OUR SERVERS, SO ANY FOUNDED VULNERABILITY OR MISCONFIGURATION THAT CAN LEAD TO DISCLOSURE OF SENSITIVE DATA SHOULD BE REPORTED HERE.

Which type of attacks are allowed to preform on our system:

  • bypassing firewall rules
  • privilege escalation of MySQL, SSH, mail server or any other service which is running on the server
  • SSL attack
  • DNS attack
  • zero day exploit
  • data leaking

(Don't use Nessus or OpenVAS, try to preform as much as possible manual research)

IMPORTANT! (Server bounty will be open only for some time! We will anounce when server bounty is finished.)

  • OUR SECOND GOAL IS TO KEEP OUR WEBSITE SAFE AS MUCH AS POSSIBLE. Type of attacks:

*OWASP TOP 10

  • Pentest is allowed to perform only on alvosec.com + including all subdomains.

Out of Scope

Also, the following do not quality:

  • DoS, brute force, user enumeration or DDoS attacks
  • Banner or version disclosures.
  • HSTS or CSP headers
  • Missing SPF
  • Missing cookie flags on non-security sensitive cookies
  • User enumeration
  • Host header injection
  • Presence of autocomplete attribute on web forms
  • Disclosure of known public files or directories, (e.g. robots.txt)
  • Open ports without a vulnerability

  • Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.

  • Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.

  • Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

Exclusions

  • AVOID USING AUTOMATED TOOLS (SCANNERS ETC.) THAT ARE MAKING HUGE LOAD ON SERVERS.

While researching, we'd like to ask you to refrain from:

  • Denial of service
  • Spamming
  • Social engineering (including phishing) of Alvosec staff or contractors
  • Any physical attempts against Alvosec property or data centers

Thank you for helping keep Alvosec and our users safe!

Thanks
Gift
Hall of Fame
Reward


List your Bug Bounty for free immediately!

Contact us if you want more information.

FireBounty (c) 2015-2019