Bug Bounty Program

At E-goi, our Development and Security team strives to always keep our platform safe from security breaches and annoying, sometimes compromising, bugs.
In order to keep that commitment we run a Bug Bounty Program so that anyone can safely, and responsibly, disclose to us any unknown bugs or security flaws that might have been found.

HOW TO REPORT

If you wish to contact us about a possible security flaw or bug we recommend that you submit your report on this form.

We ask that you please describe to us in your submission, with as much detail as possible, what the flaw is and, more importantly, the steps to reproduce it. We will try to review your report as soon as possible and reply back to you to inform you if we were able to confirm and reproduce the existence of the flaw, or to further inquire about it.

If you want to report more than one issue please send a separate form for each one so that they can be processed individually.

We also ask that you do not publicly disclose your findings without our approval first.

REWARDS

Our Bug Bounty Program rewards any reporter that submits an issue that is both new and unknown to us. Rewards depend on the severity of the security flaw that was found: $10 USD, $40 USD or $100 USD for a flaw classified as Low, Medium or High severity, respectively.

As a norm, but not always, we tend to qualify any security flaw that discloses sensitive information, or might compromise the availability of our service, as an immediate High reward. Stored exploits are usually a Medium, while other reports like Reflected XSS or Open URL Redirection tend to be qualified as Low Risk.

In order to qualify for payment you must have a valid PayPal account, the report must be reproduced by us, and it must be unique and not reported before. We will only reward the first reporter for the same issue. If you post a duplicate report we will forward you the original report to confirm it.

SCOPE OF THE PROGRAM 

We are only looking for reports concerning our main platform E-goi, that you can access using the URL: https://login.egoiapp.com

We ask that you do not attempt any actions on existing accounts and instead create your own account for your tests. You can create an account for free 🙂 If you think you found a flaw that might compromise the availability of our platform, we ask that you get in contact with us instead of testing it first.

While we welcome any report concerning flaws in third-party software, like WordPress, Jira, LiveAgent, etc., that we might be using for our Website or Blog, these don’t usually qualify for a reward unless they represent a Data Breach.

The most common vulnerabilities that usually are rewarded are:
– Remote Command Execution (RCE)
– SQL Injection
– Weak Session/Account Protection
– Broken Session Management
– Access Control Bypass
– Reflected or Stored Cross-Site Scripting (XSS)
– Cookie Stealing
– Open Redirections
– Enumeration Attacks
