Bigbank AS is a licensed bank and, as such, considers the security of its systems and information to be of utmost importance. We try to build security into our products from design to deployment, but no software is 100% secure and sometimes vulnerabilities escape detection. We invite you to test and help secure our Web applications. We appreciate your efforts and hard work in making the internet (and Bigbank) more secure and look forward to working with the researcher community to create a meaningful and successful vulnerability disclosure program.
Good luck and happy hunting!
For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.
This program only awards points for VRT-based submissions.
Target name | Type
Java API Bucket | API
PHP Bucket | Website
Vue+Express Bucket | Website
WP Bucket | Website
<https://bank-link.bigbank.lt/> | Website
<https://smart-id.bigbank.eu/> | Website
<https://id-card.bigbank.ee/> | Website
<http://calculations.bigbank.fi/> | Website
<https://ca.bigbank.eu/> | Website
Testing is only authorized on the targets listed as In-Scope. Any domain/property of Bigbank not listed in the targets section is out of scope. This includes any/all subdomains not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to firstname.lastname@example.org before submitting.
The following targets are specific service sites and are not intended to have
any generic starting pages (like index.html). They come into play on some
other main sites for specific authorization purposes etc.
No credentials will be provided for this engagement.
When conducting vulnerability research according to this policy, we consider this research to be:
If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via email@example.com before going any further.
This program follows Bugcrowd’s standard disclosure terms.
Firebounty crawled the Bigbank program on the Bugcrowd platform on 2019-10-05.