We've built a brand-new acceptance environment for you to hack on.
New machines, new load-balancer, clean database, you name it...
This environment will receive new features prior to every new production release.
We are interested in any potential vulnerability that could impact the security of the domains listed above.
Examples of issues we'd like to know about:
- Remote Code Execution
- SQL Injection
- File Inclusion / Directory Traversal
- Cross Site Scripting
- Privilege escalation
- Significant enumeration attacks
With rising privacy awareness and regulations like GDPR, we would also like to know how private our data really is. We would like to learn about every vulnerability we are facing:
- Can users see data of other users?
- Can bad guys enter without credentials?
- Can you do what you are not allowed to do?
- What can you break?
Credentials
Test credentials can be requested, once you are logged in, by using the request credentials button in the upper right corner of our program's page. Credentials will be given only for the customer login panel (https://aweb.suivo.com).
Suivo has several permission levels (ranked from low to high):
- Driver
- Workshop User
- Historical Access User
- Live Access User
- Power User
- Full Access User
More information about the permission model can be found HERE
You'll receive the credentials for all roles in the following format:
driver | workshop | historicalaccess | liveaccess | poweruser | fullaccess
With these credentials you are able to test horizontal and vertical privilege escalation.