- $200 – $4,500 per vulnerability
We appreciate all security concerns brought forth and are constantly striving to keep on top of the latest threats. Being pro-active rather than re-active to emerging security issues is a fundamental belief at Viator.
Every day new security issues and attack vectors are created. Viator strives to keep abreast on the latest state-of-the-art security developments by working with security researchers and companies. We appreciate the community's efforts in creating a more secure world.
We would like to get as broad coverage as possible but we also have to be sensitive to our suppliers, as well as our users, so we would like all testing to be done with an awareness that some actions will directly affect many people outside of our company. For example, a review of a tour which contains incorrect statements about the tour could negatively affect future bookings for that tour and the supplier.
Another example is making test bookings on production for real products and suppliers. The supplier may not necessarily be aware they are test bookings. This can result in unused inventory for the supplier. Accordingly, we request that testers abide by the guidelines below.
Our primary interest is finding security holes. We are not at this time interested in attacks on content quality, vulnerability to spamming, manipulation of tour ratings, or manipulation of user generated content (user submitted tour reviews and photos).
Test booking guidelines:
Whenever making any test bookings, signing up as a partner, or initiating any Live Chats always use BUGCROWD in the name or language
We would request that you keep test bookings to a minimum. But they are possible and necessary to test the payment and post-purchase workflows on our systems.
To make a test booking please follow the following rules...
- Make sure the surname for all travellers is TEST
- Make sure you add "This is a test booking - please ignore" in the Special Requirements field
- Please only book the following product codes:
73111P1, 73111AUTOTEST1, 73111AUTOTEST5, 73111AUTOTEST8, 73111AUTOTEST10-- Note: to use a test product you'll need to search for it directly in the search box on the homepage -- Test products do not return in product searches and are not on any of the listings pages -- URL will look like this: https://www.viator.com/tours/Barcelona/Automated-Test-Product-Only/d562-73111AUTOTEST10
- Make sure it is booked for a date at least 3 months in advance
- Use your own credit card to complete the booking
- Once your testing is complete please go into the booking self service screen and cancel your booking for a full refund to your credit card. Please make sure to do this at least 2 months before the original booking date
To make a test Suppliers through Viator's supplier sign up page, start the supplier name with BUGCROWD
Please make sure to accurately follow the above steps to avoid a charge to your credit card
Scope and rewards
This program follows Bugcrowd’s standard disclosure terms.
For any testing issues (such as broken credentials, inaccessible application, or Bugcrowd Ninja email problems), please email email@example.com. We will address your issue as soon as possible.
This program does not offer financial or point-based rewards for P5 — Informational findings. Learn more about Bugcrowd’s VRT.