h4cker/bug-bounties/scope_example.md
2023-09-10 14:12:22 -04:00

68 lines
1.7 KiB
Markdown

# Bug Bounty Program Scope
## Introduction
Briefly describe the objectives of your bug bounty program and what you hope to achieve through it.
## Target Systems
### In-Scope Targets
- **Web Applications**
- app1.websploit.org
- app2.websploit.org
- **Mobile Applications**
- Android App (version x.x and above)
- iOS App (version x.x and above)
- **APIs**
- api.websploit.org/v1/
- api.websploit.org/v2/
### Out-of-Scope Targets
- Internal Systems (192.168.x.x)
- Third-party Applications or Plugins
- Subdomain3.websploit.org
## Vulnerability Types
### In-Scope Vulnerabilities
- Cross-Site Scripting (XSS)
- SQL Injection
- Cross-Site Request Forgery (CSRF)
- Business Logic Vulnerabilities
### Out-of-Scope Vulnerabilities
- Denial of Service (DoS) attacks
- Social Engineering Attacks
- Physical Attacks
## Testing Methods
- Automated Scanning (Specify permitted tools)
- Manual Code Review
- Penetration Testing (Specify guidelines)
## Reward Structure
- **Critical Vulnerabilities**: $1000 - $5000 (or alternative rewards)
- **High Severity Vulnerabilities**: $500 - $1000 (or alternative rewards)
- **Medium Severity Vulnerabilities**: $100 - $500 (or alternative rewards)
- **Low Severity Vulnerabilities**: $50 - $100 (or alternative rewards)
(Include criteria for determining the severity)
## Reporting Guidelines
Provide details on how the researchers should report the vulnerabilities, the format of the report, and the information required.
## Legal Protections
Outlining the legal protections available for the researchers, including terms and conditions that govern the responsible disclosure of vulnerabilities.
## Contacts
Provide contact details for researchers to reach out in case of queries or clarifications.