USAA
- $100 – $6,000 per vulnerability
New Targets Added!
More Web, and API, targets have been added to the USAA program. Here is what’s new:
| Fresh Targets |
|---|
| <api-life.usaa.com> |
| <authn.usaa.com> |
| <contentapi.usaa.com> |
| <external.connect.usaa.com> |
| <mcontentapi.usaa.com> |
| <mstatic.usaa.com> |
| <static.usaa.com> |
| <utvqa.usaa.com> |
| <vanityocp.usaa.com> |
| <vww2.usaa.com> |
As a friendly reminder, the primary targets now carry higher reward ranges as we understand that through your research and reports these have become harder to hunt. Also there may be 3rd party applications that the USAA uses but can not authorized testing for and while they do appreciate the reports they will review them on a case by case basis but want to reiterate that they may not be eligible for reward. Please review the brief for full details and reach out to support@bugcrowd.com if you have any issues.
Get out there and lay claim to those bugs!
Sarah_Bugcrowd