Do you have the skills to detect security flaws, vulnerabilities, or anything else that can compromise our network? If so, put your technical skills up against our developers, and find security flaws we’ve created or missed, and get paid for your time.
We encourage the coordinated disclosure of the following eligible web application vulnerabilities:
- Cross-site scripting
- Cross-site request forgery in a privileged context
- Server-side code execution
- Authentication or authorization flaws
- Injection vulnerabilities (does not include HTML injection)
- Directory Traversal
- Information Disclosure
- Significant Security Misconfiguration
To receive credit, you must be the first reporter of a vulnerability and give us a reasonable amount of time to remediate it before disclosing it publicly. When submitting a vulnerability, please provide concise, easily understood steps to reproduce it.
While we encourage any submission affecting the security of a digitaendpoint web property, the following examples are excluded from this program unless evidence is provided demonstrating exploitability:
- Content spoofing / text injection
- HTML injection
- Self-XSS [to be valid, cross-site scripting issues must be exploitable in reflected, stored or DOM-based types]
- Logout and other instances of low-severity Cross-Site Request Forgery
- Missing HTTP security headers
- Missing cookie flags on non-sensitive cookies
- Password and account recovery policies, such as reset link expiration or password complexity
- Invalid or missing SPF (Sender Policy Framework) records (Incomplete or missing SPF/DKIM)
- Vulnerabilities only affecting users of outdated or unpatched browsers and platforms
- SSL/TLS best practices
- Clickjacking/UI redressing with no practical security impact
- Software version disclosure
- Username / email enumeration via Login Page or Forgot Password Page error messages
Rewards range from $100 to $5,000 and will be evaluated extremely generously. The general terms are in line with the industry and can be found here. You will be paid anonymously in the cryptocurrency of your choice.
How to Submit?
Please submit any bugs you find using our form, by clicking here.