Do you have the skills to detect security flaws, vulnerabilities, or anything else that can compromise our network? If so, put your technical skills up against our developers, and find security flaws we’ve created or missed, and get paid for your time.

Scope:

digitalendpoint.com
blog.digitalendpoint.com
portal.digitalendpoint.com

Eligible Vulnerabilities

We encourage the coordinated disclosure of the following eligible web application vulnerabilities:

  • Cross-site scripting
  • Cross-site request forgery in a privileged context
  • Server-side code execution
  • Authentication or authorization flaws
  • Injection Vulnerabilities
  • Directory Traversal
  • Information Disclosure
  • Significant Security Misconfiguration

To receive credit, you must be the first reporter of a vulnerability and provide us a reasonable amount of time to remediate before publicly disclosing. When submitting a vulnerability, please provide concise steps to reproduce that are easily understood.

Program Exclusions

While we encourage any submission affecting the security of an digitaendpoint web property, unless evidence is provided demonstrating exploitability, the following examples are excluded from this program:

  • Content spoofing / text injection
  • Self-XSS [to be valid, cross-site scripting issues must be exploitable in reflected, stored or DOM-based types]
  • Logout and other instances of low-severity Cross-Site Request Forgery
  • Missing http security headers
  • Missing cookie flags on non-sensitive cookies
  • Password and account recovery policies, such as reset link expiration or password complexity
  • Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM)
  • Vulnerabilities only affecting users of outdated or unpatched browsers and platforms
  • SSL/TLS best practices
  • Clickjacking/UI redressing with no practical security impact
  • Software version disclosure
  • Username / email enumeration via Login Page or Forgot Password Page error messages

Rewards

Rewards range from $100 — $5,000 and will be evaluated extremely generously. The general terms are in line with the industry and can be found here. You will be paid anonymously by the cryptocurrency of your choice.

How to Submit?

Please submit any bugs you find using our form, by clicking here.