At FanDuel, our talented team of engineers and security specialists works non-stop to make our code as secure as possible. However, software without a single vulnerability simply does not exist in the real world. As our products evolve and technology advances, new vulnerabilities are bound to arise. Our Vulnerability Disclosure policy and partnership with HackerOne help us stay ahead of any potential problems. If you believe you've found a security issue in our product or service, we encourage you to notify us. Good luck and happy hunting!
05-April-19 - We have increased our bounty reward payments, with some severities being increased by as much as 50%.
We believe our researchers should be acknowledged for their work. In addition to the bounty, we have a FanDuel Security Hall of Fame, to which researchers who have been awarded bounties are added. The Hall of Fame can be found here
Let us know as soon as possible upon discovery of a potential security issue and we'll make every effort to quickly resolve the issue.
Provide us a reasonable amount of time to resolve the issue before any disclosure to the public or a third-party.
Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.
While researching, we'd ask you to refrain from:
Denial of service
Spamming
Social engineering (including phishing) of FanDuel staff or contractors
Any physical attempts against FanDuel property
https://itunes.apple.com/us/app/fanduel-one-day-fantasy-sports/id599664106?mt=8
https://play.google.com/store/apps/details?id=com.fanduel.android.live&hl=en_GB
No findings relating to a lack of rate limiting (login, email triggering, or otherwise) will be accepted for this program.
Missing headers
SPF records
Mixed content
fanduel.zendesk.com
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Thank you for helping keep FanDuel and our users safe!
Scope Type | Scope Name |
---|---|
android_application | com.fanduel.android.self |
ios_application | 599664106 |
web_application | *.fanduel.com |
web_application | fdbox.net |
web_application | fanduel.design |
web_application | sportsbook.fanduel.com |
Scope Type | Scope Name |
---|---|
web_application | support.fanduel.com |
web_application | fanduel.zendesk.com |
web_application | myaccount.fanduel.com |
web_application | myaccountmobile.fanduel.com |
web_application | partners.fanduel.com |
web_application | newsroom.fanduel.com |
web_application | okta.fanduel.com |
This program leverages 13 scopes, in 3 scope categories.