Bug Bounty Program
The bug bounty program is an initiative by Indian Cyber Security Solutions to encourage young talent to find and report critical vulnerabilities in the Indian Cyber Security Solutions website. We invite all ethical hackers to participate in our bug bounty program and raise the standard of the cyber security industry. A security researcher who successfully finds and reports a vulnerability will be awarded a “Hall of Fame Certificate” from Indian Cyber Security Solutions.
Welcome, Hunters!
In Scope Items:
Remote Code Execution (RCE)
Web Shell Injection
Different types of Injections (SQLi, XSS, XXE, OS command, LDAP etc.)
Sensitive Data Exposure
Components with Known Vulnerabilities
Insecure direct object references
These vulnerabilities are listed in the OWASP Top 10.
Out of Scope:
Descriptive error messages (e.g. stack traces, application or server errors).
Misconfigured or missing SPF records
Out of date software versions
Vulnerabilities that are limited to unsupported browsers will not be accepted. The exploit must work at least on > IE 8.
Downloadable .htaccess file without a real security misconfiguration that can have a security impact
Login page or one of our websites over HTTP.
Clickjacking or any issue exploitable through clickjacking
Vulnerabilities in our 3rd-party partners' source code, where we have no control over the fix. Such vulnerabilities should be reported directly to the 3rd-party host (e.g. Hubspot).
Lack of Secure and HttpOnly flags.
Weak SSL-related issues
Username / Email enumeration
CORS issues without a working PoC
Denial of Service (DoS)
Social Engineering Attack
Cross Site Request Forgery (CSRF) in Contact form
You are not authorized to disclose vulnerabilities publicly to any person, media outlet or public forum before reporting them to Indian Cyber Security Solutions.
This program does not offer financial or point-based rewards for information.
Bug Submission Form