Contrast Security

  • Points – $2,000 per vulnerability
  • Safe harbor

Program stats

49 vulnerabilities rewarded

Validation within 3 days
75% of submissions are accepted or rejected within 3 days

$410 average payout (last 3 months)


Please note: This program does not allow disclosure. You may not release information about vulnerabilities found in this program to the public.

Contrast Security invites you to test our application security platform providing IAST, RASP, and SCA for applications and APIs.  
Our web interface allows users to log in to download specific language agents and view their security information (such as attacks and libraries) or reporting. The way you interact with Contrast depends on your particular situation, the tools and integrations you employ, or your roles and permissions.

We appreciate your efforts and hard work in making our assets more resilient, accurate and secure. We look forward to working with the researcher community to create a meaningful and successful program. Good luck and happy hunting!

For platform testing, each researcher will be assigned a dedicated test instance.  
Please see the Testing section for further details.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.