05/10/2019

Bigbank

Bigbank AS is a licensed bank and as such, considers the security of its systems and information to be of utmost importance. We try to include security into our products from design to deployment, but no software is 100% secure and sometimes vulnerabilities escape detection. We invite you to test and help secure our Web applications. We appreciate your efforts and hard work in making the internet (and Bigbank) more secure and look forward to working with the researcher community to create a meaningful and successful vulnerability disclosure program.

Good luck and happy hunting!

Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.

This program only awards points for VRT based submissions.

Targets

In scope

Target name | Type
---|---
apvieno.bigbank.lv | Website Testing
arilaen.bigbank.ee | Website Testing
auth.bigbank.eu | Website Testing
banking.bigbank.ee | Website Testing
banking.bigbank.lv | Website Testing
biznesam.bigbank.lv | Website Testing
ca.bigbank.eu | Website Testing
calculations.bigbank.fi | Website Testing
feedback.bigbank.eu | Website Testing
login.bigbank.eu | Website Testing
paraiska.bigbank.lt | Website Testing
partner-api.bigbank.ee | Website Testing
paskolos.bigbank.lt | Website Testing
refinansavimas.bigbank.lt | Website Testing
taotlus.bigbank.ee | Website Testing
uilab.bigbank.ee | Website Testing
verkkopankki.bigbank.fi | Website Testing
verslui.bigbank.lt | Website Testing
Java API Bucket | API Testing
PHP Bucket | Website Testing
Vue+Express Bucket | Website Testing
WP Bucket | Website Testing

Testing is only authorized on the targets listed as In-Scope. Any domain/property of Bigbank not listed in the targets section is out of scope. This includes any/all subdomains not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to support@bugcrowd.com before submitting.

The following targets are specific service sites and are not intended to have any generic starting pages (like index.html). They come into play on some other main sites for specific authorization purposes etc.
https://bank-link.bigbank.lt/
https://smart-id.bigbank.eu/
https://id-card.bigbank.ee/
http://calculations.bigbank.fi/

In Scope Targets

You may use web crawlers to test out any sites which resolve to 185.235.160.4 but you should not use any scanners for testing.

Java API Bucket:

broker.bigbank.lv
brokers.bigbank.fi
brokers.bigbank.se

PHP Bucket:

autopaskola.bigbank.lt
bank-link.bigbank.lt

Vue+Express Bucket:

banking.bigbank.at
banking.bigbank.lt
banking.bigbank.nl
banking.bigbank.se
jobs.bigbank.eu
lainahakemus.bigbank.fi
lizingas.bigbank.lt
loans.bigbank.lv
omahakemus.bigbank.fi
partner.bigbank.ee
partner.bigbank.lv
verkkopankki.bigbank.fi
ansokan.bigbank.se
banking.bigbank.de

WP Bucket:

bigbank.at
bigbank.de
bigbank.ee
bigbank.eu
bigbank.es
bigbank.fi
bigbank.lv
bigbank.nl
bigbank.se
bigbank.lt

Out of Scope

  • Our public github
  • EXIF information in images on our sites
  • Components with PHP version below 7.x (we are aware of those and work is in progress).
  • sites: api.bigbank.eu apm.bigbank.eu auth.bigbank.eu auth.bigbank.ee bigsale.bigbank.lt bvsk.ee chat.big.ee docusign.bigbank.es docusign.staging.bigbank.es feedback.bigbank.eu idcard.bigbank.ee mcc.bigbank.ee mcc.bigbank.eu mobileid.bigbank.ee mobileid.bigbank.lt ngwat.bigbank.ee ngwde.bigbank.ee ngwet.bigbank.ee ngwfi.bigbank.ee ngwlt.bigbank.ee ngwlv.bigbank.ee ngwnet.bigbank.ee ngwnl.bigbank.ee ngwnopsa.bigbank.ee ngwse.bigbank.ee okd.bigbank.ee partnerid.bigbank.ee signing.bigbank.lt static.bigbank.at static.bigbank.de static.bigbank.ee static.bigbank.es static.bigbank.fi static.bigbank.lt static.bigbank.lv static.bigbank.nl static.bigbank.se uilab.bigbank.ee okd.bigbank.eu login.bigbank.eu airwatch.bigbank.eu vpn.bbnk.eu report-uri.bigbank.eu

Forbidden

  • The use of scanners for testing any sites which resolve to 185.235.160.4

Credentials:

No credentials will be provided for this engagement.


Safe Harbor:

When conducting vulnerability research according to this policy, we consider this research to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
  • Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
  • Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
  • Lawful, helpful to the overall security of the Internet, and conducted in good faith.
  • You are expected, as always, to comply with all applicable laws.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via support@bugcrowd.com before going any further.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

Learn more about Bugcrowd’s VRT.

In Scope

Scope Type | Scope Name
---|---
undefined | Java API Bucket
undefined | PHP Bucket
undefined | Vue+Express Bucket
undefined | WP Bucket
web_application | apvieno.bigbank.lv
web_application | arilaen.bigbank.ee
web_application | auth.bigbank.eu
web_application | banking.bigbank.ee
web_application | banking.bigbank.lv
web_application | biznesam.bigbank.lv
web_application | ca.bigbank.eu
web_application | calculations.bigbank.fi
web_application | feedback.bigbank.eu
web_application | login.bigbank.eu
web_application | paraiska.bigbank.lt
web_application | partner-api.bigbank.ee
web_application | paskolos.bigbank.lt
web_application | refinansavimas.bigbank.lt
web_application | taotlus.bigbank.ee
web_application | uilab.bigbank.ee
web_application | verkkopankki.bigbank.fi
web_application | verslui.bigbank.lt


FireBounty crawled the Bigbank program on the Bugcrowd platform on 2019-10-05.
