• $200 – $7,000 per vulnerability
  • Safe harbor

Quick update around automated testing

Hi all,

We just added the following guidance to the program brief today; feel free to reach out to if you have any questions!

  1. Please DO NOT use automated vulnerability scanners when testing against the in-scope targets (Zap/Burp/Acunetix/Nikto/Nessus/etc) - all of these tools have already been run, and are run on a recurring basis internally. Running any tools of this nature is largely a waste of your time and resources.
  2. However, you ARE encourage to run any custom scripts or fuzzers that you or have developed (e.g. niche file or directly wordlists, etc); however, please keep your requests using these tools to UNDER 50 requests per second.
  3. In short, we strongly encourage researchers to perform manual testing by hand - this is where you're much more likely to achieve success, and a much better use of your time and resources, as opposed to running common tools that have already been used extensively against the in-scope targets, etc.
  4. Please be aware that Submissions found using pirated software will not be rewarded.
  5. Good luck, and happy hunting!

Additionally, please be aware that this program does not accept out of scope submissions. Testing targets that are out of scope is strictly prohibited.