24/10/2019

Reward

25 $ 

Gusto

Gusto’s mission is to create a world where work empowers a better life. By making the most complicated business tasks simple and personal, Gusto is reimagining payroll, benefits and HR for modern companies.

Security is one of the top priorities at Gusto. We put the same amount of care into protecting our customers' information as we would with our own information. To that end, we would like to invite you to our bug bounty program. We appreciate your efforts and hard work in making the internet (and Gusto) more secure and look forward to working with the researcher community to create a meaningful and successful bug bounty program. Good luck and happy hunting!


Ratings/Rewards:

For the initial prioritization/rating of findings, this program will use the Bugcrowd Vulnerability Rating Taxonomy. However, it is important to note that in some cases a vulnerability priority will be modified due to its likelihood or impact. In any instance where an issue is downgraded, a full, detailed explanation will be provided to the researcher, along with the opportunity to appeal and make a case for a higher priority.

Reward Range

Last updated 23 Oct 2019 16:50:36 UTC

Technical severity | Reward range
---|---
p1 Critical | $2,250 - $3,000
p2 Severe | $1,200 - $1,500
p3 Moderate | $500 - $750
p4 Low | $25 - $50

P5 submissions do not receive any rewards for this program.

Targets

In scope

Target name | Type
---|---
app.gusto-demo.com | Website
manage.gusto-demo.com | Website
<https://gusto-demo.com> | Website

Out of scope

Target name | Type
---|---
*.gusto.com | Website

Testing is only authorized on the targets listed as In-Scope. Any domain/property of Gusto not listed in the targets section is out of scope. This includes any/all subdomains not listed above. If you believe you've identified a vulnerability on a system outside the scope, please reach out to support@bugcrowd.com before submitting.


Access:

At this time, we're not able to provide any credentials for this program. If you have credentials, you're free to use them though!

NOTE: Actions which affect the integrity or availability of program targets are prohibited and strictly enforced. If you notice performance degradation on the target systems, you must immediately suspend all use of automated tools and notify Gusto immediately of the incident and provide details of the actions taken, when the performance degradation was believed to have started, and when your activity ceased.


Out-of-Scope

  • No testing/submissions on *.gusto.com except for www.gusto.com
  • No rate-limiting or DoS attack related submissions

Focus Areas

  • Granular permissions in https://manage.gusto-demo.com/payroll_admin/company/settings/add_admin

Safe Harbor:

When conducting vulnerability research according to this policy, we consider this research to be:

  • Authorized in accordance with the Computer Fraud and Abuse Act (CFAA) (and/or similar state laws), and we will not initiate or support legal action against you for accidental, good faith violations of this policy;
  • Exempt from the Digital Millennium Copyright Act (DMCA), and we will not bring a claim against you for circumvention of technology controls;
  • Exempt from restrictions in our Terms & Conditions that would interfere with conducting security research, and we waive those restrictions on a limited basis for work done under this policy; and
  • Lawful, helpful to the overall security of the Internet, and conducted in good faith.
  • You are expected, as always, to comply with all applicable laws.

If at any time you have concerns or are uncertain whether your security research is consistent with this policy, please inquire via support@bugcrowd.com before going any further.

Program rules

This program follows Bugcrowd’s standard disclosure terms.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

In Scope

Scope type | Scope name
---|---
web_application | app.gusto-demo.com
web_application | manage.gusto-demo.com
web_application | https://gusto-demo.com

Out of Scope

Scope type | Scope name
---|---
web_application | *.gusto.com


This program, crawled on 2019-10-24, is sorted as bounty.

FireBounty © 2015-2019
