h4cker/bug-bounties/scope_example.md
2023-09-10 14:18:48 -04:00

Omar's Bug Bounty Program Scope Template

Introduction

Briefly describe the objectives of your bug bounty program and what you hope to achieve through it.

Target Systems

In-Scope Targets

  • Web Applications
    • app1.websploit.org
    • app2.websploit.org
  • Mobile Applications
    • Android App (version x.x and above)
    • iOS App (version x.x and above)
  • APIs
    • api.websploit.org/v1/
    • api.websploit.org/v2/

Out-of-Scope Targets

  • app3.websploit.org

Vulnerability Types

In-Scope Vulnerabilities

  • Cross-Site Scripting (XSS)
  • SQL Injection
  • Cross-Site Request Forgery (CSRF)
  • Business Logic Vulnerabilities

Out-of-Scope Vulnerabilities

  • Denial of Service (DoS) attacks
  • Social Engineering Attacks

Reward Structure

  • Critical Vulnerabilities: $1000 - $5000 (or alternative rewards)
  • High Severity Vulnerabilities: $500 - $1000 (or alternative rewards)
  • Medium Severity Vulnerabilities: $100 - $500 (or alternative rewards)
  • Low Severity Vulnerabilities: $50 - $100 (or alternative rewards)

(Include criteria for determining the severity)

Reporting Guidelines

Provide details on how researchers should report vulnerabilities, the format of the report, and the information required.

Outline the legal protections available to researchers, including the terms and conditions that govern the responsible disclosure of vulnerabilities.

Contacts

Provide contact details for researchers to reach out in case of queries or clarifications.