Security Bug Bounty
Know a vulnerability? Report and get a reward!We prepared an awesome rewards for every hacker, who report a vulnerability bug to us. The purpose of the this program is to quickly discover any vulnerabilities that exist in the RoyalSSL service, and provide our users the most secure service possible.
Bug Bounty Program Rules
Program Rules
Vulnerabilities
- Cross-Site Scripting (XSS)
- Remote Code Execution (RCE)
- Server-Side Request Forgery (SSRF)
- SQL Injection
- Encryption Break
- Authentication Bypass
- Sensitive Information leaks or disclosure
- Payment manipulation
Web Application Firewall
Exclusions
- Denial of service
- Social engineering
- Brute Force attacks
- Cookie attributes not set/Secure flag issues
- Missing SPF records
API & API key related bugs
How to report a bug?
- Send the bug report to security@royalssl.uk, join us on hackerone or use our online form.
- The reports have to be submitted in English.
- Include as much information in your report as you can, including a description of the bug, its potential impact, and steps for reproducing it or proof of concept.
- We will contact you back as soon as possible. In the meanwhile we evaluate your report and get back to you with more information.
Rewards
| Vulnerability | Description | Reward |
|---|---|---|
| Cross-Site Scripting (XSS) | Ability to hijack a session or execute scripts through an XSS attack | € 25,00 |
| Security misconfiguration | Description | € 50,00 |
| SQL-Injection | Ability to access private information through an SQL injection attack | € 1,000 |
Wall of Fame
We would like to thank all our contributors through this wall of fame| No. | Profile | Vulnerability |
|---|---|---|
| 1 | John Cena | Cross-Site Scripting (XSS) / Security misconfiguration |
| 2 | John Travolta | Cross-Site Scripting (XSS) / Security misconfiguration |
| 3 | John Doe | Cross-Site Scripting (XSS) / Security misconfiguration |