mirror of
https://github.com/The-Art-of-Hacking/h4cker
synced 2024-11-13 23:07:07 +00:00
68 lines
1.7 KiB
Markdown
68 lines
1.7 KiB
Markdown
# Bug Bounty Program Scope
|
|
|
|
## Introduction
|
|
|
|
Briefly describe the objectives of your bug bounty program and what you hope to achieve through it.
|
|
|
|
## Target Systems
|
|
|
|
### In-Scope Targets
|
|
|
|
- **Web Applications**
|
|
- app1.websploit.org
|
|
- app2.websploit.org
|
|
- **Mobile Applications**
|
|
- Android App (version x.x and above)
|
|
- iOS App (version x.x and above)
|
|
- **APIs**
|
|
- api.websploit.org/v1/
|
|
- api.websploit.org/v2/
|
|
|
|
### Out-of-Scope Targets
|
|
|
|
- Internal Systems (192.168.x.x)
|
|
- Third-party Applications or Plugins
|
|
- Subdomain3.websploit.org
|
|
|
|
## Vulnerability Types
|
|
|
|
### In-Scope Vulnerabilities
|
|
|
|
- Cross-Site Scripting (XSS)
|
|
- SQL Injection
|
|
- Cross-Site Request Forgery (CSRF)
|
|
- Business Logic Vulnerabilities
|
|
|
|
### Out-of-Scope Vulnerabilities
|
|
|
|
- Denial of Service (DoS) attacks
|
|
- Social Engineering Attacks
|
|
- Physical Attacks
|
|
|
|
## Testing Methods
|
|
|
|
- Automated Scanning (Specify permitted tools)
|
|
- Manual Code Review
|
|
- Penetration Testing (Specify guidelines)
|
|
|
|
## Reward Structure
|
|
|
|
- **Critical Vulnerabilities**: $1000 - $5000 (or alternative rewards)
|
|
- **High Severity Vulnerabilities**: $500 - $1000 (or alternative rewards)
|
|
- **Medium Severity Vulnerabilities**: $100 - $500 (or alternative rewards)
|
|
- **Low Severity Vulnerabilities**: $50 - $100 (or alternative rewards)
|
|
|
|
(Include criteria for determining the severity)
|
|
|
|
## Reporting Guidelines
|
|
|
|
Provide details on how the researchers should report the vulnerabilities, the format of the report, and the information required.
|
|
|
|
## Legal Protections
|
|
|
|
Outlining the legal protections available for the researchers, including terms and conditions that govern the responsible disclosure of vulnerabilities.
|
|
|
|
## Contacts
|
|
|
|
Provide contact details for researchers to reach out in case of queries or clarifications.
|
|
|