  • Points – $1,000 per vulnerability
  • Safe harbor

Program stats

  • Vulnerabilities rewarded: 29
  • Validation within about 3 hours: 75% of submissions are accepted or rejected within about 3 hours

Recently joined this program

70 total

The Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. It's also a great tool for experienced pen testers to use for manual security testing.


Remote Code Execution for this program will be rewarded at $1000. Happy hunting!

Scope and rewards

Program rules

This program follows Bugcrowd’s standard disclosure terms.

For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please submit through the Bugcrowd Support Portal. We will address your issue as soon as possible.

This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.

This bounty requires explicit permission to disclose the results of a submission.