By participating in this program, you agree to:

• Respect the Community Code of Conduct
• Respect the Intigriti Terms and Conditions
• Respect the scope of the program

Our promise to you

• We will respond to report in ultimately two weeks, probably faster!
• We are happy to respond to any questions, please use the button in the right top corner for this.
• We respect the safe harbour clause that you can find below

Your promise to us

• Please limit the use of automation, as we are looking more for your manual testing output. If you do decide to use automation, please keep in mind a rate limit of 5 requests /second
• Provide detailed but to-the point reproduction steps
• Include a clear attack scenario. How will this affect us exactly?
• Remember: quality over quantity!
• Please do not discuss or post vulnerabilities without our consent (including PoC's on YouTube and Vimeo)
• Please do not use automatic scanners -be creative and do it yourself! We cannot accept any submissions found by using automatic scanners. Scanners also won't improve your skills, and can cause a high server load (we'd like to put our time in thanking researchers rather than blocking their IP's 😉)

We are happy to announce our responsible disclosure program! We've done our best to clean most of our known issues and now would like to request your help to spot the once we missed! We are specifically looking for:

• Leaking of personal data
• Horizontal / vertical privilege escalation
• SQLi
• ...

Feedback
Would you like to help us improve our program or have some feedback to share, please send your anonymous feedback here:

Program feedback link
Please note this form will be checked periodically and should not be used for submission or support queries.

This program follows Intigriti's contextual CVSS standard

PII leakage is very important for us in terms of Business Impact.

Where can we get credentials for the app?

We currently don’t offer any credentials to test user roles.