• $50 – $5,000 per vulnerability
  • Safe harbor

HubSpot Program | New Scope!

We hope your testing is going well. Here is an update that should make things a bit more interesting!

There have been an update on the HubSpot program. We highly recommend you take a look at this additional attack surface – which hopefully means more vulnerabilities! Here is what’s new: (list all updated scope below):

Domains In Scope:


PieSync and HubSpot Integration

PieSync connects HubSpot with other apps for an automatic 2-way contact sync.
Focus on testing the SAML configuration and processing of PieSync with HubSpot, using the "login with HubSpot" option.

Instructions for Creating a PieSync test account with HubSpot

  1. Create a HubSpot portal. Refer to the “Instructions for Creating a HubSpot portal” section of this brief for information on how to do so.

  2. Create a PieSync account on . Sign in to your account using the HubSpot sign in link once you have created a HubSpot portal. Do not use another integration type to sign in.

Out of Scope

Testing PieSync’s syncing capabilities on any app that is not HubSpot CRM, HubSpot Marketing, or HubSpot Service Hub is strictly out of scope.

As always, please see the program brief for the full details around testing. If you have any questions, please reach out to

Get out there and lay claim to those bugs!