SecurityInfinity Bug Bounty

Help us keep SecurityInfinity secure. Report vulnerabilities and earn rewards.

Submit Vulnerability View All Programs

$50K+

Total Bounties Paid

127

Valid Reports

Hall of Fame

<48h

Avg. Response Time

Rewards

Severity	Bounty	Additional Rewards
Critical	$5,000 - $15,000	Premium swag pack + Hall of Fame
High	$1,000 - $5,000	Swag pack + Hall of Fame
Medium	$250 - $1,000	T-shirt + Hall of Fame
Low	$50 - $250	Stickers + Hall of Fame
Informational	-	Hall of Fame mention

In Scope

ASSETS

*.securityinfinity.com

All subdomains of securityinfinity.com

api.securityinfinity.com

API endpoints

app.securityinfinity.com

Main application

SecurityInfinity Mobile Apps

iOS and Android applications

VULNERABILITY TYPES

Remote Code Execution (RCE)
SQL Injection
Server-Side Request Forgery (SSRF)
Authentication Bypass
Authorization Issues (IDOR, Privilege Escalation)
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Sensitive Data Exposure
Security Misconfiguration
Insecure Direct Object References

Out of Scope

Self-XSS without chaining
Missing security headers without demonstrable impact
Clickjacking without sensitive actions
CSRF on non-sensitive endpoints
Rate limiting issues (unless leading to account takeover)
Denial of Service attacks
Social engineering attacks
Physical attacks
Attacks on third-party services

Program Guidelines

Safe Harbor

Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.

Responsible Disclosure

Do not publicly disclose any vulnerabilities before we have had a chance to address them. We ask for a minimum of 90 days before public disclosure. If you believe a vulnerability needs to be disclosed sooner, please discuss with our team first.

Testing Requirements

Do not access, modify, or delete data belonging to other users
Do not perform denial of service attacks
Do not use automated tools that generate excessive traffic
Only test on accounts you own or have explicit permission to test
Report vulnerabilities as soon as possible after discovery

Severity

Bounty

Additional Rewards

Critical

$5,000 - $15,000

Premium swag pack + Hall of Fame

High

$1,000 - $5,000

Swag pack + Hall of Fame

Medium

$250 - $1,000

T-shirt + Hall of Fame

Low

$50 - $250

Stickers + Hall of Fame

Informational

Hall of Fame mention

In Scope

ASSETS

*.securityinfinity.com

All subdomains of securityinfinity.com

api.securityinfinity.com

API endpoints

app.securityinfinity.com

Main application

SecurityInfinity Mobile Apps

iOS and Android applications

VULNERABILITY TYPES

Remote Code Execution (RCE)
SQL Injection
Server-Side Request Forgery (SSRF)
Authentication Bypass
Authorization Issues (IDOR, Privilege Escalation)
Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Sensitive Data Exposure
Security Misconfiguration
Insecure Direct Object References

Out of Scope

Self-XSS without chaining

Missing security headers without demonstrable impact

Clickjacking without sensitive actions

CSRF on non-sensitive endpoints

Rate limiting issues (unless leading to account takeover)

Denial of Service attacks

Social engineering attacks

Physical attacks

Attacks on third-party services

Program Guidelines

Safe Harbor

Responsible Disclosure

Testing Requirements

Do not access, modify, or delete data belonging to other users
Do not perform denial of service attacks
Do not use automated tools that generate excessive traffic
Only test on accounts you own or have explicit permission to test
Report vulnerabilities as soon as possible after discovery