Welcome to Contrast Security’s Bug Bounty Program with BugCrowd! We are excited to invite the security community to help us identify and address vulnerabilities in our Secure Code Platform.

Our platform provides Interactive Application Security Testing (IAST), Runtime Application Security Protection (RASP), Static Application Security Testing (SAST), and Software Composition Analysis (SCA) to help organizations secure their applications from cybersecurity threats.

We are looking for researchers to find and report vulnerabilities in our platform, such as:

• Cross-Site Scripting (XSS)
• SQL injection (and other injection vulnerabilities)
• Authentication and Authorization issues
• Broken Access Control
• Security Misconfigurations
• Sensitive Data Leakage
• Denial of Service (DoS) vulnerabilities

We pay out generous bounties for eligible vulnerabilities, and we're committed to working with researchers to quickly remediate any issues that are discovered.

Join us in our mission to Get Secure Code Moving Faster™ by participating in our bug bounty program. We are excited to see what you can find!

---

For platform testing, each researcher will be assigned a dedicated test instance.

Please see the Testing Information section below for further details.