cyber-security-resources/bug-bounties/scope_example.md

# Omar's Bug Bounty Program Scope Template

## Introduction

Briefly describe the objectives of your bug bounty program and what you hope to achieve through it.

## Target Systems

### In-Scope Targets

- **Web Applications**
  - app1.websploit.org
  - app2.websploit.org
- **Mobile Applications**
  - Android App (version x.x and above)
  - iOS App (version x.x and above)
- **APIs**
  - api.websploit.org/v1/
  - api.websploit.org/v2/

### Out-of-Scope Targets

- app3.websploit.org

## Vulnerability Types

### In-Scope Vulnerabilities

- Cross-Site Scripting (XSS)
- SQL Injection
- Cross-Site Request Forgery (CSRF)
- Business Logic Vulnerabilities

### Out-of-Scope Vulnerabilities

- Denial of Service (DoS) attacks
- Social Engineering Attacks

## Reward Structure

- **Critical Vulnerabilities**: $1000 - $5000 (or alternative rewards)
- **High Severity Vulnerabilities**: $500 - $1000 (or alternative rewards)
- **Medium Severity Vulnerabilities**: $100 - $500 (or alternative rewards)
- **Low Severity Vulnerabilities**: $50 - $100 (or alternative rewards)

(Include criteria for determining the severity)

## Reporting Guidelines

Provide details on how the researchers should report the vulnerabilities, the format of the report, and the information required.

## Legal Protections

Outlining the legal protections available for the researchers, including terms and conditions that govern the responsible disclosure of vulnerabilities.

## Contacts

Provide contact details for researchers to reach out in case of queries or clarifications.
Update scope_example.md 2023-09-10 18:14:53 +00:00			`# Omar's Bug Bounty Program Scope Template`
Create scope_example.md 2023-09-10 18:11:35 +00:00
			`## Introduction`

			`Briefly describe the objectives of your bug bounty program and what you hope to achieve through it.`

			`## Target Systems`

			`### In-Scope Targets`

			`- Web Applications`
Update scope_example.md 2023-09-10 18:12:22 +00:00			`- app1.websploit.org`
			`- app2.websploit.org`
Create scope_example.md 2023-09-10 18:11:35 +00:00			`- Mobile Applications`
			`- Android App (version x.x and above)`
			`- iOS App (version x.x and above)`
			`- APIs`
Update scope_example.md 2023-09-10 18:12:22 +00:00			`- api.websploit.org/v1/`
			`- api.websploit.org/v2/`
Create scope_example.md 2023-09-10 18:11:35 +00:00
			`### Out-of-Scope Targets`

Update scope_example.md 2023-09-10 18:18:48 +00:00			`- app3.websploit.org`
Create scope_example.md 2023-09-10 18:11:35 +00:00
			`## Vulnerability Types`

			`### In-Scope Vulnerabilities`

			`- Cross-Site Scripting (XSS)`
			`- SQL Injection`
			`- Cross-Site Request Forgery (CSRF)`
			`- Business Logic Vulnerabilities`

			`### Out-of-Scope Vulnerabilities`

			`- Denial of Service (DoS) attacks`
			`- Social Engineering Attacks`

			`## Reward Structure`

			`- Critical Vulnerabilities: $1000 - $5000 (or alternative rewards)`
			`- High Severity Vulnerabilities: $500 - $1000 (or alternative rewards)`
			`- Medium Severity Vulnerabilities: $100 - $500 (or alternative rewards)`
			`- Low Severity Vulnerabilities: $50 - $100 (or alternative rewards)`

			`(Include criteria for determining the severity)`

			`## Reporting Guidelines`

			`Provide details on how the researchers should report the vulnerabilities, the format of the report, and the information required.`

			`## Legal Protections`

			`Outlining the legal protections available for the researchers, including terms and conditions that govern the responsible disclosure of vulnerabilities.`

			`## Contacts`

			`Provide contact details for researchers to reach out in case of queries or clarifications.`