mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-22 02:43:02 +00:00
Create scope_example.md
This commit is contained in:
parent
b8b7b585e6
commit
b36e307f36
1 changed files with 68 additions and 0 deletions
68
bug-bounties/scope_example.md
Normal file
68
bug-bounties/scope_example.md
Normal file
|
@ -0,0 +1,68 @@
|
|||
# Bug Bounty Program Scope
|
||||
|
||||
## Introduction
|
||||
|
||||
Briefly describe the objectives of your bug bounty program and what you hope to achieve through it.
|
||||
|
||||
## Target Systems
|
||||
|
||||
### In-Scope Targets
|
||||
|
||||
- **Web Applications**
|
||||
- app1.example.com
|
||||
- app2.example.com
|
||||
- **Mobile Applications**
|
||||
- Android App (version x.x and above)
|
||||
- iOS App (version x.x and above)
|
||||
- **APIs**
|
||||
- api.example.com/v1/
|
||||
- api.example.com/v2/
|
||||
|
||||
### Out-of-Scope Targets
|
||||
|
||||
- Internal Systems (192.168.x.x)
|
||||
- Third-party Applications or Plugins
|
||||
- Subdomain3.example.com
|
||||
|
||||
## Vulnerability Types
|
||||
|
||||
### In-Scope Vulnerabilities
|
||||
|
||||
- Cross-Site Scripting (XSS)
|
||||
- SQL Injection
|
||||
- Cross-Site Request Forgery (CSRF)
|
||||
- Business Logic Vulnerabilities
|
||||
|
||||
### Out-of-Scope Vulnerabilities
|
||||
|
||||
- Denial of Service (DoS) attacks
|
||||
- Social Engineering Attacks
|
||||
- Physical Attacks
|
||||
|
||||
## Testing Methods
|
||||
|
||||
- Automated Scanning (Specify permitted tools)
|
||||
- Manual Code Review
|
||||
- Penetration Testing (Specify guidelines)
|
||||
|
||||
## Reward Structure
|
||||
|
||||
- **Critical Vulnerabilities**: $1000 - $5000 (or alternative rewards)
|
||||
- **High Severity Vulnerabilities**: $500 - $1000 (or alternative rewards)
|
||||
- **Medium Severity Vulnerabilities**: $100 - $500 (or alternative rewards)
|
||||
- **Low Severity Vulnerabilities**: $50 - $100 (or alternative rewards)
|
||||
|
||||
(Include criteria for determining the severity)
|
||||
|
||||
## Reporting Guidelines
|
||||
|
||||
Provide details on how the researchers should report the vulnerabilities, the format of the report, and the information required.
|
||||
|
||||
## Legal Protections
|
||||
|
||||
Outlining the legal protections available for the researchers, including terms and conditions that govern the responsible disclosure of vulnerabilities.
|
||||
|
||||
## Contacts
|
||||
|
||||
Provide contact details for researchers to reach out in case of queries or clarifications.
|
||||
|
Loading…
Reference in a new issue