Bug Bounty Program


The bug bounty program is an initiative by Indian Cyber Security Solutions to encourage young talent to find and report critical vulnerabilities on the Indian Cyber Security Solutions website. We invite all ethical hackers to participate in our bug bounty program and raise the standard of the cyber security industry. A security researcher who successfully finds and reports a vulnerability will be awarded a “Hall of Fame Certificate” from Indian Cyber Security Solutions.

Welcome, Hunters!

In Scope Item:

*.indiancybersecuritysolutions.com

Focus Area:

Remote Code Execution (RCE)
Web Shell Injection
Different types of Injections (SQLi, XSS, XXE, OS command, LDAP etc.)
Security Misconfigurations
Sensitive Data Exposure
Components with Known Vulnerabilities
Authentication bypass
Insecure direct object references

These vulnerabilities are listed in the OWASP Top 10.

Out of Scope:

Self XSS
Descriptive error messages (e.g. stack traces, application or server errors).
Misconfigured or lack of SPF records
Out of date software versions
Content Spoofing
Vulnerabilities that are limited to unsupported browsers will not be accepted. The exploit must work at least on > IE 8.
.htaccess downloadable file without a real security misconfiguration that can have security impact
Login page or one of our websites over HTTP.
Clickjacking or any issue exploitable through clickjacking
Vulnerabilities in our third-party partners' source code, where we have no control over the fix. Such vulnerabilities should be reported directly to the third-party host (e.g. HubSpot).
Lack of Secure and HttpOnly flags.
Weak SSL related issues
Username / Email enumeration
CORS issues without a working PoC
Denial of Service (DoS)
Social Engineering Attack
Cross Site Request Forgery (CSRF) in Contact form

Rules:

You are not authorized to disclose vulnerabilities publicly to any person, any media, or any public forum before reporting them to Indian Cyber Security Solutions.

This program does not offer financial or point-based rewards for information.

Bug Submission Form
