cyber-security-resources/bug-bounties/scope_example.md

# Bug Bounty Program Scope

## Introduction

Briefly describe the objectives of your bug bounty program and what you hope to achieve through it.

## Target Systems

### In-Scope Targets

- **Web Applications**
  - app1.websploit.org
  - app2.websploit.org
- **Mobile Applications**
  - Android App (version x.x and above)
  - iOS App (version x.x and above)
- **APIs**
  - api.websploit.org/v1/
  - api.websploit.org/v2/

### Out-of-Scope Targets

- Internal Systems (192.168.x.x)
- Third-party Applications or Plugins
- Subdomain3.websploit.org

## Vulnerability Types

### In-Scope Vulnerabilities

- Cross-Site Scripting (XSS)
- SQL Injection
- Cross-Site Request Forgery (CSRF)
- Business Logic Vulnerabilities

### Out-of-Scope Vulnerabilities

- Denial of Service (DoS) attacks
- Social Engineering Attacks
- Physical Attacks

## Testing Methods

- Automated Scanning (Specify permitted tools)
- Manual Code Review
- Penetration Testing (Specify guidelines)

## Reward Structure

- **Critical Vulnerabilities**: $1000 - $5000 (or alternative rewards)
- **High Severity Vulnerabilities**: $500 - $1000 (or alternative rewards)
- **Medium Severity Vulnerabilities**: $100 - $500 (or alternative rewards)
- **Low Severity Vulnerabilities**: $50 - $100 (or alternative rewards)

(Include criteria for determining the severity)

## Reporting Guidelines

Provide details on how the researchers should report the vulnerabilities, the format of the report, and the information required.

## Legal Protections

Outlining the legal protections available for the researchers, including terms and conditions that govern the responsible disclosure of vulnerabilities.

## Contacts

Provide contact details for researchers to reach out in case of queries or clarifications.