Security is our priority, and we make every effort to keep our website secure. If you are a security researcher and have discovered a security vulnerability in our website, we appreciate your efforts in disclosing it to us in a responsible way.
Guidelines for Responsible Disclosure
If you have found a security issue, we request that you immediately contact us via [email protected] or fill in the form below.
- Please include all details in your reports, with steps to reproduce.
- Perform research only within the scope.
- Do not destroy any data during your security testing.
What we promise
If you follow all guidelines when reporting to us:
- We will not take any legal action against your research.
- We will work with you to understand the issue and resolve it as quickly as possible.
- We will maintain a good relationship with you and recognize your effort on our Security Researcher HoF page.
The scope of issues is limited to security vulnerabilities in the cyberxploits domain.
Web application vulnerabilities related to the OWASP Top 10. You must be the first reporter to responsibly disclose the vulnerability and you must follow the responsible disclosure principles set out in this policy, which include giving us a reasonable amount of time to address the vulnerability.
What is not a qualifying vulnerability?
Each submission will depend on impact, but here is a list of some of the issues which are non-qualifying vulnerabilities:
- UI and UX bugs and spelling mistakes;
- TLS/SSL related issues;
- Vulnerabilities due to out of date browsers or plugins;
- Content-Security Policies (CSP);
- Vulnerabilities in end of life products;
- Lack of secure flag on cookies;
- Vulnerabilities relying on the existence of plugins such as Flash;
- Flaws affecting the users of out-of-date browsers and plugins;
- Missing security headers such as, but not limited to, “content-type-options”, “X-XSS-Protection”;
- Vulnerabilities requiring physical access to mobile devices;
- Use of a known-vulnerable library without proof of exploitability;
- Tap-jacking and UI-redressing attacks that involve tricking the user into tapping a UI element.