Alvosec
No technology is perfect, and Alvosec believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology. If you believe you've found a security issue in our product or service, we encourage you to notify us. We welcome working with you to resolve the issue promptly.
Which type of attacks are allowed to preform on our system:
bypassing firewall rules
privilege escalation of MySQL, SSH, mail server or any other service which is running on the server
SSL attack
DNS attack
zero day exploit
data leaking
(Don't use Nessus or OpenVAS, try to preform as much as possible manual research)
IMPORTANT! (Server bounty will be open only for some time! We will anounce when server bounty is finished.)
Type of attacks:
*OWASP TOP 10
Also, the following do not quality:
DoS, brute force, user enumeration or DDoS attacks
Banner or version disclosures.
HSTS or CSP headers
Missing SPF
Missing cookie flags on non-security sensitive cookies
User enumeration
Host header injection
Presence of autocomplete attribute on web forms
Disclosure of known public files or directories, (e.g. robots.txt)
Open ports without a vulnerability
Missing captcha
Let us know as soon as possible upon discovery of a potential security issue, and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
While researching, we'd like to ask you to refrain from:
Denial of service
Spamming
Social engineering (including phishing) of Alvosec staff or contractors
Any physical attempts against Alvosec property or data centers
Thank you for helping keep Alvosec and our users safe!
This program crawled on the 2017-01-06 is sorted as bounty.
FireBounty © 2015-2024
