26/03/2019
StackPath

Our platform of secure edge services is developed in pursuit of our ultimate mission: to make the internet safe. We greatly value the hard work and genius of the internet security research community, and welcome reports of any discovered StackPath platform vulnerability.

If you identify a vulnerability in our platform, please notify us right away through the methods outlined in our Vulnerability Disclosure Program. We investigate all reported vulnerabilities and resolve identified issues as quickly as possible. We appreciate your efforts and cooperation in avoiding privacy violations, damage to data, and any interruption of or negative impact on our services as you conduct your research.

Ratings:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability's priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.

This program only awards points for VRT based submissions.

Targets

In scope

Target name | Type
---|---
*.stackpath.com | Website
*.stackpath.net | Website
Any publicly facing host owned by StackPath - (ip space, domains, etc) | Website
Any product/service offered by StackPath (CDN/DNS/WAF/etc) | Website

Out of scope

Target name | Type
---|---
StackPath customer instances (e.g. *.stackpathdns.com) | Website

Testing is only authorized on the targets listed as In-Scope. Any domain/property of StackPath not listed in the targets section is out of scope. This includes any/all subdomains not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to support@bugcrowd.com before submitting.


Target info:

  • *.stackpath.com is used for all public services, including the main website, customer portal, API, etc.

  • *.stackpath.net is generally used for internal company resources/services.

Access/Credentials:

All of the above targets are publicly accessible. Researchers are encouraged to create trial accounts to test with, or to use any existing accounts they already legally own. Please DO NOT perform any testing against accounts you do not expressly own.

Out of Scope:

  • Customer owned CDN sites not personally owned by the researcher are not in scope (e.g. *.stackpathdns.com)

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.


FireBounty (c) 2015-2019