23/07/2019

Reward

Backblaze

Security is a top priority at Backblaze. We believe that no technology is perfect and that working with skilled security researchers across the globe is crucial in identifying weaknesses in our technology. If you believe you've found a security bug in our service, we are happy to work with you to resolve the issue promptly and ensure you are fairly rewarded for your discovery.

If you have questions about the Backblaze service or are trying to get help with your own Backblaze account, please visit our support page for assistance. Here are a few relevant resources that may come in handy while doing your research:

Service Scopes:

We have six main areas that we invite our hackers to test.

  • The Web Application (https://*.backblaze.com, this includes any APIs used on the site through AJAX calls that are public or private)
  • Personal Backup Clients (Mac and Windows)
  • Restore Downloaders (Mac and Windows)
  • B2 APIs (https://*.backblazeb2.com)
  • Mobile Applications (iOS and Android)
  • Git Repositories (b2-sdk-java & B2 Command Line Tool)

Coordinated disclosure rules

  • Please let us know as soon as possible upon discovery of a potential security issue, and we’ll make every effort to quickly correct the issue.
  • Provide us a reasonable amount of time to fix the issue before publishing it elsewhere.
  • Make a good faith effort to not leak, manipulate, or destroy any user data. Please only test against accounts you own yourself or with explicit permission of the account holder.
  • Please don't create more than a couple of accounts for testing.
  • Please do not attempt a Denial of Service (DoS) attack without our explicit permission and oversight.
  • Please do not submit anything that is explicitly deemed out of scope below.

Bounty eligibility

We are most interested in remote code execution vulnerabilities and leaks of personal information (authentication/authorization bypasses). We request that researchers focus on these critical areas. Backblaze reserves the right to decide if an issue meets the minimum severity threshold, and whether it is a duplicate of an earlier report.

To qualify for a reward under this program, you should:

  • Be the first to report a specific vulnerability.
  • Send a clear textual description of the report along with steps to reproduce the vulnerability. Include attachments such as screenshots or proof of concept code as necessary.
  • Disclose the vulnerability report directly and exclusively to us. Public disclosure or disclosure to other third parties -- including vulnerability brokers -- before we have addressed your report will forfeit the reward.

Scope exclusions

Because we are most interested in remote code execution vulnerabilities and leaks of personal information (authentication/authorization bypasses), not all issue types/techniques are included in the scope of our program at this time. Please be aware of the following scope exclusions before beginning your research and submitting any reports.

  • Denial of Service (DoS) attacks that just overwhelm resources (as opposed to crash systems)
  • Best practice concerns not accompanied by in scope exploits (e.g. missing HTTP headers, outdated software, etc.)
  • Generic email spoofing issues
  • Vulnerabilities in third parties using Backblaze

Thank you for helping keep Backblaze safe!

In Scope

Scope Type           Scope Name
android_application  com.backblaze.android
ios_application      com.backblaze.BzBackupBrowser
web_application      *.backblazeb2.com
web_application      www.backblaze.com
web_application      https://github.com/Backblaze/B2_Command_Line_Tool
web_application      https://secure.backblaze.com/mac/install_backblaze.dmg
web_application      https://www.backblaze.com/mac_restore_downloader
web_application      https://secure.backblaze.com/win32/install_backblaze.exe
web_application      https://secure.backblaze.com/api/restore_downloader
web_application      https://github.com/Backblaze/b2-sdk-java
web_application      *.backblaze.com
web_application      www.backblaze.com
web_application      www.backblaze.com


This program leverages 13 scopes, in 3 scope categories.

FireBounty © 2015-2019
