Contrast Security

  • Points – $2,000 per vulnerability

Program stats

  • Vulnerabilities rewarded: 59
  • Validation within 2 days: 75% of submissions are accepted or rejected within 2 days

Welcome to Contrast Security’s Bug Bounty Program with Bugcrowd! We are excited to invite the security community to help us identify and address vulnerabilities in our Secure Code Platform.

Our platform provides Interactive Application Security Testing (IAST), Runtime Application Security Protection (RASP), Static Application Security Testing (SAST), and Software Composition Analysis (SCA) to help organizations secure their applications from cybersecurity threats.

We are looking for researchers to find and report vulnerabilities in our platform, such as:

  • Cross-Site Scripting (XSS)
  • SQL injection (and other injection vulnerabilities)
  • Authentication and Authorization issues
  • Broken Access Control
  • Security Misconfigurations
  • Sensitive Data Leakage
  • Denial of Service (DoS) vulnerabilities

We pay out generous bounties for eligible vulnerabilities, and we're committed to working with researchers to quickly remediate any issues that are discovered.

Join us in our mission to Get Secure Code Moving Faster™ by participating in our bug bounty program. We are excited to see what you can find!

For platform testing, each researcher will be assigned a dedicated test instance.

Please see the Testing Information section below for further details.

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.