• $200 – $4,000 per vulnerability
  • Safe harbor
  • Managed by Bugcrowd

Program stats

117 vulnerabilities rewarded

Validation within 5 days
75% of submissions are accepted or rejected within 5 days

$350 average payout (last 3 months)

Opsgenie is a modern incident management platform for operating always-on services, empowering Dev & Ops teams to plan for service disruptions and stay in control during incidents. With over 200 deep integrations and a highly flexible rules engine, Opsgenie centralizes alerts, notifies the right people reliably, and enables them to collaborate and take rapid action. Throughout the entire incident lifecycle, Opsgenie tracks all activity and provides actionable insights to improve productivity and drive continuous operational efficiencies.

Get Started (tl;dr version)

  • Testing for Opsgenie is ONLY to be performed on https://app.opsgeni.us.
  • Do not access, impact, destroy or otherwise negatively impact Opsgenie customers or customer data in any way.
  • Ensure that you use your @bugcrowdninja.com email address.
  • Ensure you understand the targets, scopes, exclusions, and rules below.
  • Application tests should be done against Opsgenie Lab, a clone of Opsgenie Production with no customer data in it.
    • No testing should be performed against *.opsgenie.com, *.opsgenie.net unless explicitly requested.
    • Note: Any link you click on https://docs.opsgenie.com will land you on opsgenie.com, which is production Opsgenie. Please make sure you are testing on *.opsgeni.us domains.
    • Note: Mobile apps by default will connect to out-of-scope domains. See the note below about mobile apps.

Focus Areas

  • Authentication
  • Session Management
  • HTTP and Cookie Security
  • Multi Tenant Data Leakage/Access
  • Server-side Remote Code Execution (RCE)
  • Server-Side Request Forgery (SSRF)
  • Stored/Reflected Cross-site Scripting (XSS)
  • Injection
  • XML External Entity Attacks (XXE)
  • Access Control & Authorization Vulnerabilities
  • Path/Directory Traversal Issues
  • File Upload & File hosting

Ensure you review the out of scope and exclusions list for further details.
** Cross Instance Data Leakage/Access refers to unauthorised data access between instances.

Creating Your Instance

Researchers can sign up here: https://app.opsgeni.us/customer/register
Note: Remember to use your @bugcrowdninja.com email address

!! Do not forget to verify your account by clicking the link sent via email; some features will not work until verification is done. !!

The next page is an onboarding wizard that presents the different features in Opsgenie. Following the wizard gives new signups a fast onboarding experience.
You can get a paid account using the following credit card details:
Credit Card number: 4242 4242 4242 4242
Exp: Any date in the future
CVV: any three digits

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email support@bugcrowd.com. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.