cyber-security-resources/bug-bounties/scope_example.md

60 lines
1.5 KiB
Markdown
Raw Permalink Normal View History

2023-09-10 14:14:53 -04:00
# Omar's Bug Bounty Program Scope Template
2023-09-10 14:11:35 -04:00
## Introduction
Briefly describe the objectives of your bug bounty program and what you hope to achieve through it.
## Target Systems
### In-Scope Targets
- **Web Applications**
2023-09-10 14:12:22 -04:00
- app1.websploit.org
- app2.websploit.org
2023-09-10 14:11:35 -04:00
- **Mobile Applications**
- Android App (version x.x and above)
- iOS App (version x.x and above)
- **APIs**
2023-09-10 14:12:22 -04:00
- api.websploit.org/v1/
- api.websploit.org/v2/
2023-09-10 14:11:35 -04:00
### Out-of-Scope Targets
2023-09-10 14:18:48 -04:00
- app3.websploit.org
2023-09-10 14:11:35 -04:00
## Vulnerability Types
### In-Scope Vulnerabilities
- Cross-Site Scripting (XSS)
- SQL Injection
- Cross-Site Request Forgery (CSRF)
- Business Logic Vulnerabilities
### Out-of-Scope Vulnerabilities
- Denial of Service (DoS) attacks
- Social Engineering Attacks
## Reward Structure
- **Critical Vulnerabilities**: $1000 - $5000 (or alternative rewards)
- **High Severity Vulnerabilities**: $500 - $1000 (or alternative rewards)
- **Medium Severity Vulnerabilities**: $100 - $500 (or alternative rewards)
- **Low Severity Vulnerabilities**: $50 - $100 (or alternative rewards)
(Include criteria for determining the severity)
## Reporting Guidelines
Provide details on how the researchers should report the vulnerabilities, the format of the report, and the information required.
## Legal Protections
Outlining the legal protections available for the researchers, including terms and conditions that govern the responsible disclosure of vulnerabilities.
## Contacts
Provide contact details for researchers to reach out in case of queries or clarifications.