diff --git a/lib/bounty-targets/intigriti.rb b/lib/bounty-targets/intigriti.rb index 2e0557a..733fd38 100644 --- a/lib/bounty-targets/intigriti.rb +++ b/lib/bounty-targets/intigriti.rb @@ -3,6 +3,7 @@ require 'json' require 'ssrf_filter' require 'uri' +require 'nokogiri' module BountyTargets class Intigriti @@ -49,10 +50,9 @@ def encode(component) end def directory_index - page = SsrfFilter.get(::URI.parse('https://www.intigriti.com/programs')).body - tag = page.match(%r{/_next/static/([^/]+)/_buildManifest.js})[1] - programs = ::JSON.parse(SsrfFilter.get(::URI.parse("https://www.intigriti.com/_next/data/#{tag}/en/programs.json")).body) - programs['pageProps']['programs'].map do |program| + page = ::Nokogiri::HTML(SsrfFilter.get(::URI.parse('https://www.intigriti.com/programs')).body) + programs = JSON.parse(page.css('#__NEXT_DATA__').inner_text)['props']['pageProps']['programs'] + programs.map do |program| { id: program['programId'], name: program['name'], diff --git a/spec/bounty-targets/intigriti_spec.rb b/spec/bounty-targets/intigriti_spec.rb index 8d7a520..6ee0872 100644 --- a/spec/bounty-targets/intigriti_spec.rb +++ b/spec/bounty-targets/intigriti_spec.rb @@ -8,11 +8,8 @@ end it 'fetches a list of programs' do - programs = File.read('spec/fixtures/intigriti/programs.json') - tag = '123' + programs = File.read('spec/fixtures/intigriti/programs.html') stub_request(:get, %r{/programs}).with(headers: {host: 'www.intigriti.com'}) - .to_return(status: 200, body: "/_next/static/#{tag}/_buildManifest.js") - stub_request(:get, %r{/_next/data/#{tag}/en/programs.json}).with(headers: {host: 'www.intigriti.com'}) .to_return(status: 200, body: programs) expect(client.directory_index).to eq( [ 
@@ -22,20 +19,20 @@ handle: 'doccle', id: '12715f4b-d10e-415f-a309-6ab042f6158a', status: 'open', - tacRequired: true, - twoFactorRequired: nil, + tacRequired: false, + twoFactorRequired: false, url: 'https://www.intigriti.com/programs/doccle/doccle/detail', - max_bounty: {'currency' => 'EUR', 'value' => 2500}, + max_bounty: {'currency' => 'EUR', 'value' => 4000}, min_bounty: {'currency' => 'EUR', 'value' => 0}, - name: 'Doccle' + name: 'Doccle Bug Bounty program' }, { company_handle: 'bpost', - confidentiality_level: 'application', + confidentiality_level: 'public', handle: 'e-tracker', id: 'a09e497e-fd75-4b56-afa0-7a6689389b76', tacRequired: false, - twoFactorRequired: nil, + twoFactorRequired: false, max_bounty: {'currency' => 'EUR', 'value' => 0}, min_bounty: {'currency' => 'EUR', 'value' => 0}, name: 'e-tracker', diff --git a/spec/fixtures/intigriti/programs.html b/spec/fixtures/intigriti/programs.html new file mode 100644 index 0000000..1fb2860 --- /dev/null +++ b/spec/fixtures/intigriti/programs.html @@ -0,0 +1,216 @@ + +Public Programs | Intigriti

Bug Bounty Programs

Below is a list of public bug bounty programs. Through a bug bounty program, companies can tap into a global network of ethical hackers who continuously test a wide range of digital assets within the defined scope.

Bug bounty programs reward ethical hackers with financial incentives when valid vulnerabilities are discovered.

Application Required

Sustainable

Doccle Bug Bounty program

Doccle Bug Bounty program

Up to €4,000

Doccle, founded in 2014, is a Belgian company that hosts an online platform where you can receive, pay, share and store your administration in one place. You can add several suppliers to your Doccle account in a few mouse clicks. This way, you will receive all documents in one place. You can also pay, sign or share them via Doccle. All your documents are securely stored in your digital archive. The more companies you add, the more documents you will receive.

Application Required

Newpharma

Newpharma

€50€5,000

Newpharma is the largest online pharmacy in Belgium. It was the first to dispense medicines over the internet without a prescription in Belgium. Newpharma also offers you a broad range of drugstore products: cosmetics, natural and well-being products and specialist products for babies, children or the elderly at low prices throughout the year. + + Important note: Please limit your automated tools to 1 request/sec. DDoS or brute force attacks are strictly forbidden!
Capital.com

Capital.com

Up to €10,000

Capital.com, voted ‘Most Innovative Tech 2021’ by TradingView is a multi-award winning global investment trading platform authorised and regulated by the UK’s Financial Conduct Authority, the Cyprus Securities and Exchange Commission, and the Australian Securities and Investments Commission. Recognised for its quality 24/7 customer support, seamless trading experience and competitive fees, Capital.com is a fast-emerging leader in the European leveraged trading industry.
vidaXL

vidaXL

Up to €2,000

vidaXL is a rapidly growing international online retailer. Our success is based on our belief that things can always be better and cheaper: ‘Expect more’. Because nobody likes to pay too much for products. We are continually expanding our product range and offer the best products for the best price. We like to go the extra mile for our customers by improving popular products and making them even cheaper. + + https://corporate.vidaxl.com/about-us/
Water-Link

Water-Link

€50€5,000

All life needs water. + Both people, their company and their environment must at all times have water in the right quantity, of the right quality, at the right time. This water must be supplied within the safety of well-thought-out infrastructures for supply and discharge of water. + + Water-link wants to inspire everyone to fully tap into the strengths of water. + + Water-link is a Flemish public organisation that directly or indirecty provides drink water to more than 3 million people.
Universitätsspital Zürich VDP

Universitätsspital Zürich VDP

Responsible Disclosure

VULNERABILITY DISCLOSURE PROGRAM (VDP) + Above all else, University Hospital Zurich is committed to the care and improvement of human life. Part of that mission is to protect our patients, people, systems, and facilities. We want encourage security researchers to feel comfortable reporting vulnerabilities they’ve discovered to us in good faith. +

Sustainable

Visma

Visma

€100€7,500

Visma delivers software that simplifies and digitizes core business processes in the private and public sector. With presence across the entire Nordic region along with Benelux, Central and Eastern Europe, we are one of Europe’s leading software companies. + We want to engage with responsible security researchers around the globe to further secure our services. No code is flawless and we believe that taking part in the Intigriti community can help us improve the security of our systems.
Oda

Oda

€75€4,000

Oda.com and Mathem.se is the leading online grocery storesin Norway and Sweden.
Grafana Labs

Grafana Labs

$10$15,000

Grafana Labs is the company behind Grafana, Loki, Mimir and Tempo, the leading open source software for visualizing operational data. + + We are thrilled to invite you to participate in our bug bounty program in partnership with Grafana Labs' security team. Before beginning your research, we kindly request that you carefully review this program's scope. This will ensure that your efforts align with our objectives and that you receive proper compensation for any findings that meet the program's criteria. Happy hacking!

Sustainable

Visma Responsible Disclosure

Visma Responsible Disclosure

Responsible Disclosure

Visma delivers software that simplifies and digitizes core business processes in the private and public sector. With presence across the entire Nordic region along with Benelux, Central and Eastern Europe, we are one of Europe’s leading software companies. + We want to engage with responsible security researchers around the globe to further secure our services. This program is dedicated for all Visma assets (services, products, web properties).
Kiwa Vulnerability Disclosure Program

Kiwa Vulnerability Disclosure Program

Responsible Disclosure

Kiwa is an autonomous global organization in Testing, Inspection and Certification (TIC), training and consultancy services. We create trust by contributing to the transparency of the quality, safety and sustainability of your organization’s products, services, processes, systems and employees, as well as personal and environmental performance. You have the ambition and we help you to go forward! +
Robinhood Bug Bounty Program

Robinhood Bug Bounty Program

$100$50,000

Democratizing America’s financial system. Invest in stocks, ETFs, options, and cryptocurrencies commission-free. Disclosure: https://robinhood.com/legal + +
Uphold.com

Uphold.com

Up to €6,000

At Uphold, we make it easy to buy and sell any major digital currency. You can invest, transfer or send/receive between many cryptocurrencies, traditional currencies and precious metals. Our digital money app is slick, easy, and secure.
Say Technologies Bug Bounty Program

Say Technologies Bug Bounty Program

Up to $10,000

Say unlocks the power of investor communications by working with broker-dealers to connect shareholders with the public companies they invest in. + +

Sustainable

The Coca-Cola Company Vulnerability Disclosure Program

The Coca-Cola Company Vulnerability Disclosure Program

Responsible Disclosure

The Coca-Cola Company is proud of our researcher community and the impactful findings they have provided over the years. We are bringing our VDP program to Intigriti to further our community growth and provide some exciting changes around our VDP reward structure. + + For more information about VDP rewards, please see the FAQ section below. + +
Ubisoft VDP

Ubisoft VDP

Responsible Disclosure

Ubisoft is a leading video game company, the creators of original and immersive worlds like Assassin's Creed, Far Cry, The Crew, Rainbow Six and Watch Dogs. + + We welcome the reporting of security vulnerabilities that would help us protect our players and assets.
Allegro

Allegro

€100€3,500

Allegro sp. z o.o. (hereinafter referred to as “Allegro”) is a leading online marketplace platform in Poland offering a wide range of products across various categories. Allegro provides a secure, user-friendly interface for customers to shop and sellers to list their items. + At Allegro we take security seriously and we believe that working with skilled security researchers is crucial in identifying weaknesses. If you have found a security issue in our service, we encourage you to notify us.
DigitalOcean

DigitalOcean

$100$10,000

DigitalOcean, LLC. is an American multinational technology company and cloud service provider. DigitalOcean simplifies cloud computing so developers and businesses can spend more time building software that changes the world.
Cloudways by DigitalOcean

Cloudways by DigitalOcean

$50$4,000

Cloudways by DigitalOcean is a managed web hosting platform that specialises in providing an easy-to-manage environment for web applications.
Citymesh Responsible Vulnerability Disclosure Program

Citymesh Responsible Vulnerability Disclosure Program

Responsible Disclosure

Welcome to the Responsible Vulnerability Disclosure Program of Citymesh. + + Citymesh is one of the Telecommunication Operators in Belgium. Citymesh helps its customers with the implementation, integration, and maintenance of network infrastructure. Citymesh wants to offer its customers quality connectivity solutions that help them achieve their business goals.
e-tracker

e-tracker

Responsible Disclosure

This is an application which is accessed by bpost contractual customers like Amazon, zalando who can login and track the parcels history which was announced by them to bpost for handling. + Only the specific logged in senders can view thier own parcel status, not cross sender accounts.
BMW Group Automotive

BMW Group Automotive

€100€15,000

The BMW Group looks forward to working with the security community to find vulnerabilities in order to keep its products and customers safe and secure. We are committed to working with you to verify, reproduce, and respond to legitimate reported vulnerabilities covered by this policy. Within this program bounties can be received by reporting vulnerabilities that are in the scope of program and marked as “Eligible”. Please take note of the current scope outlined below.
BMW Group

BMW Group

€150€6,000

The BMW Group is the world's leading provider of premium cars and motorcycles and the home of the BMW, MINI, Rolls-Royce and BMW Motorrad brands. Our vehicles and products are tailored to the needs of our customers and constantly enhanced. We place special emphasis on the security, integrity and availability of our data and systems and thus also on those of our customers, employees and partners.
House of HR Vulnerability Disclosure Program

House of HR Vulnerability Disclosure Program

Responsible Disclosure

House of HR is a leading HR services group active all over Europe. Our entrepreneurial spirit drives us to provide specialized solutions in two key segments: Specialized Talent Solutions and Engineering & Consulting. Our decentralized model empowers rapid decision-making across our Powerhouses. + + If you find a security bug in one of our apps, this is the place to report it! + + Happy hunting! 🏹
Axel Springer SE Vulnerability Disclosure Program

Axel Springer SE Vulnerability Disclosure Program

Responsible Disclosure

Axel Springer SE, headquartered in Berlin, is a leading digital publisher known for its wide range of news outlets, magazines, and classifieds. Embracing digital innovation and transformation, the company prioritizes data protection and system integrity. + + To bolster its digital ecosystem's security, Axel Springer runs a vulnerability disclosure bug bounty program, encouraging cybersecurity experts to find and report vulnerabilities in its digital environment.
9altitudes - Vulnerability Disclosure Program

9altitudes - Vulnerability Disclosure Program

Responsible Disclosure

The 9altitudes Vulnerability Disclosure Program (VDP) program to review no-bounty assets. + + 9altitudes is a European player with the main office in Belgium providing digital transformation for our customers focused on 3 main industry clusters – manufacturing, services, and wholesale & distribution. As a Microsoft Gold partner, we are mostly Microsoft-oriented with some own-IP and are an ever-expending organization by way of merge & acquisition.
Orbia Responsible Disclosure

Orbia Responsible Disclosure

Responsible Disclosure

Orbia is a purpose-led manufacturing group of companies, passionate about the challenges that define how people will live and thrive tomorrow to deliver strategic, collaborative, and human-centered solutions. As part of our commitment to security, we invite researchers to participate in the disclosure program, helping us ensure protection of our systems. + + Join us in identifying and reporting vulnerabilities to maintain the highest standards of security for our customers and partners.
CM.com

CM.com

€25€3,500

CM.com is a listed company that provides Conversational Commerce services from its hybrid cloud platform with in-house developed software. + + CM.com’s customer base is spread over 118 countries, generating messages to more than 220 destinations. + + Customers include Tier 1 enterprises, government agencies, as well as small and medium sized enterprises. + + We offer API's for most of our products. You may find the documentation here: https://developers.cm.com
Skoda Auto Bug Bounty Program

Skoda Auto Bug Bounty Program

€200€5,000

This Bug Bounty program is an official and first program run by Škoda Auto a.s. + + It is focused on the newest version of MyŠkoda mobile application available for iOS and Android. + + We appreciate the possibility to work with you either remotely or by joining us at the factory and testing the app within our cars! + + In advance, we thank you for your time and invite you to step into the era of a proactive approach to cyber security together! + + Škoda Auto a.s.
Driessen Vulnerability Disclosure Program

Driessen Vulnerability Disclosure Program

Responsible Disclosure

Driessen is a staffing agency for government, education and other vital sectors. We have been working exclusively for vital sectors for 30 years, making us one of the largest staffing agencies in the Netherlands. On our platform users can manage their jobs and employees (for employers). For example: candidates can find jobs and apply; employees can see payslips and send in declarations; employers can open a new job with a new vacancy or a payroll request.
Personio

Personio

€50€5,000

Personio is Europe's leading HR Software for SMEs - your one-stop HR solution with automated processes, seamless integrations, and data-driven insights. Our Security Team knows that a solid Bounty Program helps build customer trust in our platform. So we are looking forward to working with you to help hold our platform up to the highest of standards.
Libelle

Libelle

Up to €2,000

Libelle.nl is the online platform for everything women want to know, from personal stories, the latest news about health & psyche to household tips and trends & videos that you should not miss.

Sustainable

Sqills

Sqills

Up to €2,500

Sqills provides the leading inventory, reservation, and ticketing system for the bus and rail industry – S3 Passenger. At Sqills we are on a constant journey of innovation, discovery and global market leadership. + + Our corporate website provides general information about Sqills. +
Torfs

Torfs

€25€6,500

Torfs - the well-known shoe retailer in Belgium - is still a 100% family business today. This family character guarantees a number of important values within the company where employees are central. A head office in Sint-Niklaas and a spectacular distribution center in Temse offer support to the points of sale and customers of the E-Commerce website. With more than 80 stores in Flanders, 2 shops in the French part of Belgium and a growing online shop in Belgium, The Netherlands and several marketplaces, Torfs wants to be and remain the most customer-friendly optichannel shoe store chain.
DPG Media

DPG Media

Up to €300

DPG Media is a leading media group in Flanders, Netherlands and Denmark that knows how to touch viewers, surfers, readers and listeners with impressive stories, lightning fast news and sparkling entertainment.
VTM GO

VTM GO

Up to €2,000

VTM GO offers a lot of strong Flemish and exclusive international series & films for free. From news and news to the most powerful fiction and reality shows.
Online enrollment for students Bug Bounty Program

Online enrollment for students Bug Bounty Program

Up to €2,000

The online enrollments application allows students to apply for educational programs at the university or at university colleges. + + Every year approximately 40.000 applicants enter their personal information and educational preferences into this application. + + We challenge you to find the bugs in our online enrollment application.
Red Bull

Red Bull

Responsible Disclosure

Red Bull appreciates the work of security researchers to make the internet a better - and more secure - place. Even though we aim to prevent security issues by applying state-of-the art development and operations processes, systems and technical services outside our direct control might have vulnerabilities and weaknesses and we aim to identify and address those before any negative impact occurs. + + As appreciation we have a unique reward system in place, please see FAQ for more information.
Tomorrowland

Tomorrowland

Up to €2,500

Tomorrowland is one of the most-loved and best-known music festivals on the planet. Because of this Tomorrowland usually sells out in minutes and manages a large fanbase. Tomorrowland also innovates by providing its visitors cashless onsite payments and a wide range of online services. This has increased Tomorrowland's digital footprint. We value all help we can get securing this digital footprint.

Sustainable

UZ Leuven

UZ Leuven

€50€5,000

UZ Leuven is a university hospital where patients can count on specialised care and innovative treatments, combined with humane attention and respect for every person. + Every day, almost 10,000 passionate employees provide the best possible custom-made care. + Future care providers and employees receive high-quality training in UZ Leuven, with a view lifelong learning and innovation. As a pioneer in clinical research, the hospital also contributes to future patient care.
Lansweeper

Lansweeper

€50€6,000

Lansweeper is an IT asset management software provider helping businesses better understand, manage and protect their IT devices and network. Lansweeper helps customers minimize risks and optimize their IT assets by providing actionable insight into their IT infrastructure at all times, offering trustworthy, valuable, and accurate insights about the state of users, devices, and software.
Bpost

Bpost

Up to €1,500

The purpose of this website is to publish general information about bpost and its subsidiaries and their respective activities.
Het Parool

Het Parool

Up to €2,000

Het Parool is a Dutch regional newspaper that started in the Second World War as a social-democratic tinted resistance newspaper.
Humo

Humo

Up to €2,000

Humo brings high-profile cover stories and revealing interviews and files. And that with a characteristic approach: reliable information, a critical attitude and a sense of humor and self-relativity. The reader is treated every week on articles about television, society, sports, culture and pop, sharp columns and quirky discussions of TV programs, books, films and music.
Tempo-Team

Tempo-Team

Responsible Disclosure

Tempo-Team offers daily new and varied jobs for every level and field.
Kinepolis Group

Kinepolis Group

Up to €5,000

Our website is a way to inform and inspire customers about the latest and brightest. It allows to: + • Get up to date information about the movies and events we offer; + • Choose your favorite movie theater, pick a date and time; + • Buy tickets and enhance your experience by choosing for ‘cozy seat’ instead of our normal seats. Just in case you want to have a ‘cozy night’ with your significant other! + + Cry of laughter or maybe some scary movies are your favorite ones. Via a My Kinepolis account we target movies and unique promotions based on your preferences. + + While researching our website you can already explore our schedule and plan your next trip to one of our movie theaters. We are ready to be challenged!
EURid

EURid

Up to €6,000

EURid vzw is the registry operator of the .eu, .ею (Cyrillic script) and .ευ (Greek script) country code top-level domains (ccTLD) upon the appointment of the European Commission since 2003. As the registry operator, our biggest concern and priority is the stability and security of the .eu namespace. + + We also develop and maintain YADIFA since 2012, a lightweight authoritative Name Server with DNSSEC capabilities. +

Sustainable

Suivo bug bounty

Suivo bug bounty

Up to €2,000

The Suivo Web Platform provides access to Tracking data from vehicles equiped with Suivo hardware. The platform is built around 4 components: + + - Real-time Tracking data + - Analytics based on historical Tracking data, both in a web view en generated reports + - Communication: tasks and messages + - Fleet management (Maintenance planning etc.)
Cross Border Fines

Cross Border Fines

€100€3,000

The application that coordinates the sending of the traffic fines document to the citizens and the reconciliation of the payments.

Sustainable

Port of Antwerp-Bruges

Port of Antwerp-Bruges

Up to €3,500

The Antwerp-Bruges Port Authority has a key role in the port's day-to-day operation. The Port Authority manages and maintains the docks, the bridges, the locks, the quay walls and the land. The personnel is also responsible for safe shipping traffic in the docks, the bridges and locks. In addition, the Port Authority provides tugs and cranes, carries out dredging work and promotes the port at home and abroad.
Twago

Twago

Responsible Disclosure

twago operates itprojects.talent-community.com + talents can sign up, join pools and apply for jobs or projects.
Cyber Security Coalition

Cyber Security Coalition

Responsible Disclosure

The Cyber Security Coalition is a unique partnership between players from the public and private sector to join forces in the fight against cybercrime. We are bringing together the skills and expertise of members on a trust-based platform. A lot of information is publicly available on our website but there is also protected data not publicly viewable. We are a reference in security and it is obvious that our website should be secure! We are happy to have your help in finding any vulnerabilities!
Delen Private Bank

Delen Private Bank

€100€15,000

Delen Private Bank is a family-based specialist in asset management, focused on wealth preservation, growth and careful planning. Our core values - entrepreneurship, personal service and long-term vision – inspire us to apply a proactive yet prudent investment philosophy. Honest, no-nonsense products and services help our clients to enjoy the good and beautiful things in life – both today and tomorrow.
Venly

Venly

€50€5,000

The goal of Venly is making blockchain accessible for everyone. + + Venly provides tools and services to help companies benefit from blockchain technology. We enable the use of blockchain, by providing accessible, trusted software solutions. Our global vision is to build both a developer-friendly platform and an intuitive interface for end users. At the center of everything lies simplicity, prime UX, and top-level security.
VRT

VRT

€100€2,000

Flemish Radio and Television Broadcasting Organization bugbounty program

Sustainable

Nexuzhealth

Nexuzhealth

Up to €4,000

Website + Android Apps + iOS Apps + + Android Apps + KWS Companion + The application is only to be used by doctors and no logon information will be given. + + mynexuz CPV + The application is only to be used by personnel of UZ Leuven responsible for transport of patients and no logon information will be given. + + mynexuzhealth app + This application is intended to be used by patients in order to consult their private data, their doctors & appointments and more. Login: see below. + + iOS Apps + KWS Companion + The application is only to be used by doctors and no logon information will be given. + + Website + mynexuzhealth website + This website is intended to be used by patients in order to consult their private data, their doctors & appointments and more. Login: see below. + + In order to be able to logon to the mynexuzhealth website and app, an ethical hacker will need to request one or more logon credentials via the platform. You can request this information via support (support@intigriti.be). The information they will receive is + + - A user ID of 8 numbers + - A PIN code of 4 numbers + - A QRCode
Randstad

Randstad

Responsible Disclosure

Randstad is the global leader in the HR services industry. By combining our passion for people with the power of today’s intelligent machines, we support people and organizations in realizing their true potential.
Yacht

Yacht

Responsible Disclosure

Yacht is number one in connecting professionals.
Tweakers

Tweakers

Up to €2,000

Tweakers is a Dutch technology website featuring news and information about hardware, software and the Internet. We take security very serious as many of our users use our site as a trusted source. Therefore we have decided to collaborate with ethical hackers that can inform us about potential vulnerabilities in our systems. If you happen to find a vulnerability we'd be more than happy to hear about it and, if its impact is significant enough, award you a bounty as token of appreciation.
Algemeen Dagblad

Algemeen Dagblad

Up to €2,000

With around 900 editors Algemeen Dagblad (AD) has become the largest journalistic organization in the Netherlands, offering both national and extensive regional news coverage.

Sustainable

eHealth Hub VZN KUL

eHealth Hub VZN KUL

Up to €2,000

The national project “eHealth Hubs & MetaHub” coordinated by the eHealth platform is meant to make medical results from hospitals (and in the near future medical laboratories) available to any caregiver who currently is treating the patient . For detailed information see https://www.ehealth.fgov.be/nl/zorgverleners/online-diensten/hubs-metahub and the URL in the next paragraph. This system supplements the traditional system of addressed ‘email type’ communication to individual referrers. + + Before medical data about a patient can be shared, that patient has to grant the ‘eHealth informed consent’ (see http://www.patientconsent.be ). + + Further, care providers declare a therapeutic relationship with the patient. + + Communication between the hubs and between external physicians and a hub is according to the KMEHR standard: https://www.ehealth.fgov.be/standards/kmehr/content/page/web-services + + The scope of this project is confined to the hub exploited by VZNKUL (Vlaams Ziekenhuis Netwerk KU Leuven) implementation of this hub system. The central metahub hub from the Belgian government, the other hubs, and the systems at other partners of this project are out of scope.
KU Leuven Responsible Disclosure Program

KU Leuven Responsible Disclosure Program

Responsible Disclosure

We are happy to announce our Responsible Disclosure program! + + KU Leuven has a very diverse web landscape. Keeping this environment and the data it contains as secure as possible is an ongoing effort. We would like to invite you to help us with this effort. + + Bonus can be given: + in 2022, 2000 Euro bonus was paid out. + In 2023, 2500 Euro bonus was paid out.
Sixt

Sixt

Responsible Disclosure

With more than 6,900 employees worldwide, SIXT combines global car rental and local share solutions, ride hailing-services as well as car subscriptions in one of the world’s largest mobility platforms. With just one app – the SIXT App – we offer our customers digital access to more than 200,000 vehicles and around 1.5 million connected drivers in approximately 110 countries worldwide. Besides its own range of vehicles, SIXT also integrates services from more than 1,500 mobility partners.
Digitaal Vlaanderen

Digitaal Vlaanderen

Responsible Disclosure

"Digitaal Vlaanderen" is the IT and digital transformation departement within the Flanders’ governmental IT. Positioned as the digital gateway and data broker between all Flemish government entities, we want to be at the top of our game. Our security ought to be too. For this program we are focusing at first instance on some of our main assets.
PDQ bug bounty program

PDQ bug bounty program

€50€3,500

At PDQ our mission is to make device management simple, secure, and pretty damn quick. We know how important the security of our products is. We're a bunch of former sysadmins ourselves. Every decision we make revolves around ensuring our products are safe to use for managing your devices, which is why we have a bug bounty program. It’s a true win-win: We improve the security of our products, and you reap the rewards.
SBB - Swiss Federal Railways

SBB - Swiss Federal Railways

€25€5,000

Swiss Federal Railways - the national railway company of Switzerland. + (German: Schweizerische Bundesbahnen, SBB) + + Welcome to our public Bug Bounty program. + + We are specifically looking for: + + * Leaking PII Data (customer) + * Data manipulation + + We will add additional applications/domains to the scope (step by step) to reach our goal. + + High performance researcher may be invited to our private programs!
BMC

BMC

Responsible Disclosure

BMC is number one in connecting professionals
Speakap Responsible Disclosure

Speakap Responsible Disclosure

Responsible Disclosure

Since 2010, Speakap has helped more than 400 companies across 120 countries, 42 languages, and many time zones, reach their full potential with more productive employees. With an award-winning, easy-to-use employee app, Speakap empowers company leaders to share the right content with the right people at the right time. Speakap boasts very high adoption rates with users logging in almost 6x a day for 50+ seconds per time.

Sustainable

Here Technologies

Here Technologies

Up to €2,000

HERE Technologies, is a global company that’s rooted in the evolution of digital maps and location technology. We offer a location data and technology platform, that moves people, businesses and cities forward by harnessing the power of location. The HERE platform caters to a variety of tasks related to bringing your own data, map, service, logic and algorithms for location enrichment.

Sustainable

Sentiance

Sentiance

€50€3,500

At sentiance we process enormous amounts of sentive data to provide our clients with rich insights & analytics used by them to optimize their business. All our products are built with security in mind and each feature has + been carefully assessed to prevent security vulnerabilities to be introduced in our services. + However, no security team is perfect and therefore we would like to call in the help of the bug bounty + community to point out where we might have missed a bug. If you think you found a valid security vulnerability we would absolutely love to hear about it and award you if it's eligible per our policy.
Vlerick Business School

Vlerick Business School

Responsible Disclosure

Vlerick Business School is an international business school at the heart of Europe. We offer fully-accredited, world class education programs combining a healthy mix of theoretical knowledge and practical insight. +
De Morgen

De Morgen

Up to €2,000

De Morgen has a broad view of the news with attention to political current affairs, culture and media. The editors are critical, dig deeper and often make the news of the day under the motto more insight, more salmon. + + De Morgen is aiming for an open-minded audience that is looking for qualitative news coverage, background and interpretation of the news. The newspaper looks young and fresh and has won international prizes with its design.
Nestlé VDP

Nestlé VDP

Responsible Disclosure

In Nestlé we believe in the power of food to enhance quality of life for everyone, today and for generations to come. + + IT Security is a top priority for us, we are committed to work with security researchers across the globe to help protect our systems and our customers' data from malicious activity and to further improve cyber security across our organization.
Canada Post + Purolator - Responsible Disclosure Program

Canada Post + Purolator - Responsible Disclosure Program

Responsible Disclosure

Canada Post is the country’s leading provider of business-to-consumer delivery. Reaching more than 16.2 million addresses, and operating the country’s largest retail network of over 6,200 post offices. + + Purolator is Canada’s leading integrated freight, parcel and logistics solutions provider. Purolator continues to expand its reach and renowned service levels and reliability to more people, more businesses and more places across the country and around the world.
WP Engine

WP Engine

Responsible Disclosure

WP Engine invites you to test the WP Engine and Flywheel Digital Experience Platforms. WP Engine equips its customers with a suite of agility, performance, intelligence, and integration solutions, so you can build and deploy a range of online experiences from campaign sites to content hubs to e-commerce extensions. Good luck and happy hunting!
Mobile Vikings

Mobile Vikings

Up to €5,000

True Vikings never entered the battlefield without their helmets. And we believe a secure environment, just like free access to open communication, is a worldwide human right. But even the best Viking Drakkars may sometimes encounter vulnerabilities. Brave sailors who discover leaks should be honored - not executed. Together with you and our broad community, we want to create a secure and safe environment for everyone.
SimScale

SimScale

€50€6,000

SimScale enables engineering teams to access accurate and fast simulation, on their terms, without compromises. We make engineering simulation technically and economically accessible from everywhere, at any time, and at any scale, in the cloud. We deliver instant access to fluid, thermal, and structural simulation to over 300,000 users. With SimScale, engineering simulation has moved from a complex and cost-prohibitive desktop application to an inclusive, agile, cloud-native simulation platform.
De Volkskrant

De Volkskrant

Up to €2,000

De Volkskrant is a Dutch daily morning newspaper. Founded in 1919, it has a nationwide circulation of about 250,000 papers per day.
Fing

Fing

€50€3,500

Fing device recognition is the foundation of digital products. Just from the MAC address, Fing can recognise all wireless and wired devices in home, office or enterprise networks by type, make, model and OS (name and version). Fing device intelligence and knowledge give you full visibility of your connected environment. + + The free Fing App identifies connected devices, troubleshoots network and device issues, detects network intruders and runs Wi-Fi and internet speed tests anywhere. +
PeopleCert VDP

PeopleCert VDP

Responsible Disclosure

PeopleCert is the global leader in the assessment and certification of professional and language skills, partnering with multi-national organisations and government bodies to develop and deliver market leading exams worldwide. + This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities.
De Lijn

De Lijn

Responsible Disclosure

De Lijn is the Flemish public transportation company dedicated to giving their customers a comfortable and quick ride. Due the fact that we use the latest IT equipment and servers is our security ought to be at the top of our game. For this program we are putting the focus at our web clients, APIs and of course the mobile application.
DHL Group Vulnerability Disclosure Program

DHL Group Vulnerability Disclosure Program

Responsible Disclosure

DHL Group is a global logistics company providing services in express delivery, freight transportation, supply chain management, e-commerce solutions, as well as postal and parcel services. As part of our commitment to security, we invite researchers to participate in our vulnerability disclosure program, helping us ensure protection of our systems. Join us in identifying and reporting potential vulnerabilities to maintain the highest standards of security for our customers and partners.
TrueLayer

TrueLayer

€75€6,000

TrueLayer is opening up finance and changing the way the world pays. Empowering businesses in every industry to create first-class financial experiences for their customers. + + We build on top of the Open Banking and PSD2 standards to provide APIs for our customers to use to provide financial data and payment initiation services.
Voi Scooters

Voi Scooters

Up to €3,500

Voi is europe's biggest micro-mobility operator based in Stockholm, Sweden. We manage a system of electrically powered scooters and bikes around urban centers. We provide an affordable, sustainable, and exhilarating way to commute while helping people to reduce their carbon footprint and cities to have a more sustainable transportation network. We are excited to work with and reward the community of security researchers to continuously improve our security position.
Azena

Azena

Responsible Disclosure

We are an award-winning German startup with locations in Munich, Eindhoven and Pittsburgh. We are 100% funded by the Bosch Group. + + Our goal is to be the leading open platform and marketplace for smart security and safety solutions. The platform we offer is based on a camera operating system that powers cameras from various manufacturers on the market. It connects to our Application Store where leading video analytics development companies offer cutting-edge apps.
RIPE NCC

RIPE NCC

Up to €2,000

We're an independent, not-for-profit membership organisation that supports the infrastructure of the Internet through technical coordination in our service region. Our most prominent activity is to act as the Regional Internet Registry (RIR) providing global Internet resources and related services (IPv4, IPv6 and AS Number resources) to members in our service region.
Ninja Kiwi Games Bug Bounty program

Ninja Kiwi Games Bug Bounty program

€75€4,125

Creators of hit computer game franchises Bloons, Bloons TD and SAS: Zombie Assault for mobile and web. We have offices in Auckland, New Zealand and Dundee, Scotland. We are excited to engage with the security community to help us keep our users safe and our services secure. This is our second Bug Bounty program after a successful campaign in 2021. + +
Housing Application (huisvestingsapp) Bug Bounty Program

Housing Application (huisvestingsapp) Bug Bounty Program

Up to €2,000

New or existing students can apply for a room in KU Leuven Central Services Residences.
Het Laatste Nieuws

Het Laatste Nieuws

Up to €2,000

HLN.be is the number one news site in Flanders. 24/7 news with a focus on current events, sports and entertainment. The editors know how to keep their finger on the pulse at all times: on average every 4 minutes a new article appears on the news site. Readers consume their news more and more fragmented through their social media, so it is important for HLN to stay top of mind with its own app.
AMD Product Security Bug Bounty Program

AMD Product Security Bug Bounty Program

$500$30,000

Advanced Micro Devices, Inc., commonly abbreviated as AMD, is an American multinational semiconductor company based in Santa Clara, California, that develops computer processors and related technologies for business and consumer markets.
Trouw

Trouw

Up to €2,000

Trouw reaches thousands of people involved daily with in-depth journalism via print and online via the news site, news apps and digital newspaper
Henkel

Henkel

Responsible Disclosure

Henkel operates globally with a well-balanced and diversified portfolio. The company holds leading positions with its three business units in both industrial and consumer businesses thanks to strong brands, innovations and technologies. Founded in 1876, Henkel looks back on more than 140 years of success. Henkel’s preferred shares are listed in the German stock index DAX.
Donorbox VDP

Donorbox VDP

Responsible Disclosure

Donorbox is a technology company established in 2014. The company provides an online fundraising platform enabling individuals and nonprofit organizations to facilitate online donations. The platform is utilized by various types of organizations, including charities, religious institutions, schools, animal welfare groups, political campaigns, among others.
Bühler Group VDP

Bühler Group VDP

Responsible Disclosure

Every day, billions of people come into contact with Bühler technologies to meet their basic needs for food, mobility, and more. Our technologies are in your smartphone, solar panels, diapers, lipstick, banknotes, the food you eat, and the vehicles you drive. We strive to innovate for a better world, with a special focus on healthy, safe, and sustainable solutions. + Learn more about Bühler at www.buhlergroup.com.
InnoGames

InnoGames

€100€2,000

InnoGames is Germany’s leading developer and publisher of mobile and online games. The company based in Hamburg and has a team of more than 400 employees.
Stravito VDP

Stravito VDP

Responsible Disclosure

Stravito is a knowledge management solution that democratizes access to market research and insights, making it fast and easy to use research to make better decisions. + + We welcome feedback from security researchers and the general public to help improve our security. If you believe you have discovered a vulnerability, privacy issue, exposed data, or other security issues in any of our assets, we want to hear from you.
Monzo Public Bug Bounty Program

Monzo Public Bug Bounty Program

£125£12,500

Welcome to the Monzo public bug bounty program! 🚀 + + At Monzo we aim to create a banking service that makes our customers financial lives better and easier. Our mantra is “make money work for everyone” and we mean it! 👍 + + We have created several apps to provide intuitive, helpful, and enjoyable experiences across our range of products 💖. + + We won’t sacrifice security though! So if you find a security bug in one of our apps or services, this is the place to report it! + + Happy hunting!
Social Deal

Social Deal

€25€750

Thank you for visiting our program, we are happy with ethical hackers who want to look have a into our security with an objective view. + + Social Deal is an online platform for consumers to buy the best deals in their region. With these deals they can discover restaurants/hotels/beauty/zoo and many other retailers for the best price. Social Deal is active in Netherlands, Belgium and Germany. + + Our customers trust our brand. We want to be sure the data is protected to keep our brand value high.

Sustainable

Nexuzhealth Web PACS

Nexuzhealth Web PACS

Up to €1,000

This website is used to provide patient access to their radiology images (PACS). + + Patients logon with their date of birth, and a unique code provided to them by the physician. + This code provides access to one study.
OVO VDP

OVO VDP

Responsible Disclosure

Who is OVO? + + - We launched in 2009 with a belief that energy could be better. We’re helping UK homes on the Path to Zero. https://www.ovoenergy.com/about + + What do we do? + + - OVO is a leading energy technology company determined to create a world with clean, affordable energy for everyone. + + Relationship to bug bounty? + + - No technology is perfect and OVO believes that working with skilled security researchers across the globe is crucial in identifying weaknesses in any technology.
ING Responsible Disclosure

ING Responsible Disclosure

Responsible Disclosure

Responsible Disclosure indicates ING’s continued commitment to improve its security posture. As part of this process, we work closely with security researchers to identify and report vulnerabilities they find within our systems. + + ING appreciates security researchers efforts in reporting vulnerabilities on its systems as long as the discovered vulnerability is in scope, detected without the use of intrusive testing techniques, and follows the disclosure guidelines below:
Yahoo Bug Bounty

Yahoo Bug Bounty

$100$15,000

Welcome to Yahoo + Yahoo is a global media and advertising company connecting people to their passions. With one of the largest online audiences in the world, Yahoo brings people closer to what they love — from finance and commerce, to gaming and news — with the trusted products, content, and tech that fuel their day. For partners, we provide a full-stack platform to amplify businesses and drive more meaningful connections across advertising, search, and media.
Revolut VDP

Revolut VDP

Responsible Disclosure

Revolut is a financial technology company that offers banking services. It offers accounts featuring currency exchange, debit cards, virtual cards, interest-bearing "vaults", commission-free stock trading, crypto, commodities, and other services to over 45M customers. + + Please visit our website for more information: www.revolut.com
Veriff Bug Bounty

Veriff Bug Bounty

€5€6,000

At Veriff we are passionate about creating a safer environment online. Our mission is to bring transparency to the digital world. + We take the security of our systems seriously, and we value the security community. The disclosure of security vulnerabilities helps us ensure the security and privacy of our users. We ask all researchers to follow the guidelines provided.
Moralis VDP

Moralis VDP

Responsible Disclosure

Moralis is a blockchain technology platform providing developers with backend infrastructure for building and scaling decentralized applications (dapps). This page is a safe way for you to communicate found bugs in a responsible way. All contributions are highly appreciated.
Intel®

Intel®

$500$100,000

Intel® Bug Bounty Program + Intel Corporation believes that forging relationships with security researchers and fostering security research is a crucial part of our Security First Pledge. We encourage security researchers to work with us to mitigate and coordinate the disclosure of potential security vulnerabilities. By submitting your report, you agree to the terms of the Intel® Bug Bounty Program. Intel reserves the right to alter the terms and conditions of this program at its sole discretion. +

2FA Required

Sustainable

intigriti

intigriti

€50€13,337

At intigriti, we practice what we preach. We’ve built the platform with the greatest care and attention for security, but all software contains bugs and we are no exception to this rule. We encourage you to responsibly disclose any security vulnerabilities you may encounter and we will reward you accordingly.

2FA Required

Sustainable

Capture Our Flag

Capture Our Flag

Up to €51,337

One submission and 51,337 reasons to get to it. + Cybersecurity is part of our nature and we understand that only by challenging our ways, we get to improve. + The Capture Our Flag program is a targeted challenge that leverages Intigriti's core assets: submissions. + This ensures our core product is secure at all times, and is a testament to the trust we build with our researchers and to our customers.

T&C Required

Sustainable

Telenet - Base - Wyre - Tadaam

Telenet - Base - Wyre - Tadaam

€50€2,500

At Telenet we place great importance on the security of our systems and data. Despite the measures we take to optimise our security, it is nevertheless possible that something will slip through the net. + + The brands that are part of Telenet group are Telenet, Base, Nextel and Tadaam. + + Should you discover a security problem, we have a system in place for you to report it to us in a responsible way. We are happy to have your help to improve our systems and protect our customers even better.

T&C Required

GlobalSign

GlobalSign

€15€3,500

GlobalSign is one of the world's largest identity services company providing cloud-based, highly scalable PKI solutions. Because GlobalSign is trusted by software suppliers, browsers, operating system vendors and governments we are a high-interest target for criminal organizations and nation-state actors. For that reason, we launched a bug bounty program to have additional and independent insights in our perimeter security posture.

Application Required

E-Gor

E-Gor

€50€2,500

E-Gor is an interactive platform that manages everything related to your pension.
Intergamma

Intergamma

€50€5,500

Intergamma is the biggest DIY retailer of The Netherlands and Belgium with three brands: GAMMA Nederland, GAMMA België, and KARWEI. We have almost 400 DIY stores and operate three eCommerce websites. + + Our strategy is to be the best omnichannel retailer of the Netherlands and Belgium. This means offline and online are converging, and eCommerce is a growth market. Therefore a secure platform is paramount. + + For more information on our organization please visit https://www.intergamma.nl/
VRT responsible disclosure

VRT responsible disclosure

Responsible Disclosure

Flemish Radio and Television Broadcasting Organization
DataCamp

DataCamp

€25€1,500

DataCamp’s mission is to democratize data skills for everyone. Companies and teams of every size use DataCamp to close their data skill gaps and make better data-driven decisions. Data science and analytics are rapidly shaping every aspect of our lives and our businesses. There is incredible power in data—but only if you know what to do with it. DataCamp teaches 1,600+ companies and 7 million individuals from 180+ countries the skills they need to work with data in the real world. + +
cLabs

cLabs

$1,000$10,000

cLabs supporting $CELO cryptocurrency in building financial technology to enable prosperity for all
Soundtrack Your Brand

Soundtrack Your Brand

€50€3,500

Soundtrack Your Brand offers music streaming services for businesses. We serve small customers like the café around the corner or larger brands like McDonald’s. Through our service customers have total control over the music and can manage locations across the world. + + We provide a wide variety of playback options, from mobile apps to custom hardware, that our customers use to play music at their venues. They manage their account, music and locations via our web app.
Jooki

Jooki

Responsible Disclosure

Jooki by Muuselabs - the IoT speaker for kids + + Jooki is a music player that kids can independently use in a safe and screen-free environment. Upload your own content for offline use or listen online to your favourite Spotify playlists or web radios. Jooki has WiFi, Bluetooth, a microphone, speakers, NFC tags, voicemail service... + + Right now we are not offering monetary awards, but notable exploits will be rewarded with a Jooki 2 when they become available in Q3-2020.
Axel Springer National Media & Tech

Axel Springer National Media & Tech

€15€2,500

AS National Media & Tech (NMT) is a subsidiary of Axel Springer SE an international media and technology company. + NMT is responsible for all german news media websites, digital products and their continuous development. These websites reaches more than 50 million unique users per month. + By providing information across its diverse media brands Axel Springer SE empowers people to make free decisions. + Therefore, IT security of our websites and that of our customers is so important to us.
Arbonia VDP program

Arbonia VDP program

Responsible Disclosure

We are happy to announce our public VDP program! We've done our best to clean up our known issues and now would like to request your help to spot the ones we missed! + + Arbonia is a focused building components supplier active in the area of interior doors made of wood and glass. The company, which is listed on the SIX Swiss Exchange, is active worldwide with its own distribution companies as well as with representatives and partners in more than 70 countries. Its main production sites are located in Switzerland, Germany, Poland, Spain, Portugal, France and Czech Republic. A total of around 3'500 employees work for the Arbonia Group.

2FA Required

Sustainable

Submit your research - Fast lane

Submit your research - Fast lane

Responsible Disclosure

Want to try a new technique or methodology on private bug bounty programs? + Submit your research, get invited to private programs, and start collecting bounties.
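Review bot: The captured programs.html fixture includes entries whose rendered badges read "2FA Required" (after the Intel, intigriti and Arbonia entries), "T&C Required" (after Capture Our Flag and Telenet) and "Application Required" (after GlobalSign), but the spec that reads this fixture only asserts on entries where those flags are absent, so the true branch of the tacRequired / twoFactorRequired mapping and the non-public confidentiality level are never checked; add an expectation for one of the flagged entries, or trim the fixture to a handful of programs that includes one flagged entry so the expected values can be verified against the fixture by eye instead of against a 216-line snapshot of the live page.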