RESPONSIBLE DISCLOSURE

We at ENCIPHERS firmly believe that whether it is a growing firm or a well-known enterprise, security is compelling priority. As a team of enthusiastic security researchers, we invest per diem in uncovering security vulnerabilities for our clients. Being a security services provider, we make sure that you are able to use our website and products securely. We are committed to the privacy and security of our user’s data. But YES, vulnerabilities are inevitable. For that sole reason, we are inviting security professionals to test for any vulnerabilities on our website or products (under scope).

Whether it is a low severity vulnerability or a critical one, forward us your report by submitting the form below. As of now, we are not providing monetary rewards for low & medium severity vulnerabilities. Monetary/Swag rewards are supplied only for High and critical severity vulnerabilities. Though, we would be happy to put your name in our Hall Of Fame.

Rules Of Engagement

When submitting potential vulnerabilities, we ask that you follow our guidelines for disclosure. A submission that does not meet these requirements may not qualify for the Hall of Fame.

The following attributes are expected in a valid submission:

  • Description of the vulnerability
  • Steps for reproducing the vulnerability. If we cannot reliably reproduce the issue, we cannot fix it
  • Impact of the vulnerability with an exploit scenario
  • Proof of concept (Explain what you have achieved to do. No Attachment needed)

Important Note

Our responsible disclosure program is now hosted on VantagePoint

Update

This program has been changed to a invite-only, vulnerability disclosure program, hosted on our own platform - VantagePoint

Not Applicable Vulnerabilities

Please refrain from sending us a report on the below issues. Even if they are reproducible,
we consider them as Informational and not a security vulnerability.
  • Presence of banner or version information
  • OPTIONS / TRACE HTTP method enabled
  • “Advisory” or “Informational” reports such as user enumeration
  • Vulnerabilities requiring physical access to a system
  • Missing CAPTCHAs
  • Default web server pages
  • Brute-force attacks
  • Content injection
  • Hyperlink injection in emails
  • Missing SPF/DMARC records
  • Content Spoofing
  • Issues relating to password policy
  • Full-path disclosure
  • Version number information disclosure
  • XML.RPC being accessible publicly (Or enumeration using XML.RPC)
  • CSRF-able actions that do not require authentication (or a session) to exploit
  • Issues on 3rd-party subdomains/domains of services we use. Please report those issues to the appropriate service.
  • Reports related to the security-related headers: Strict Transport Security (HSTS) – XSS mitigation headers (X-Content-Type and X-XSS-Protection) – X-Content-Type-Options – Content Security Policy (CSP) settings (excluding nosniff in an exploitable scenario)
  • Click-jacking (without a valid exploit)
  • DOS vulnerabilities
  • Any theoretical issue, which does not seem to be exploitable

Join Our Vulnerability Disclosure Program

Thank you! Your submission has been received! Our Team Will Get Back To You Within 24 hours
Oops! Something went wrong while submitting the form.
An Award-Winning Cyber Security Consulting & Training Company
Email
Headquarter
Enciphers Labs Private Limited,
24th Floor, Tower B, Alphathum, Sector 90, Noida, Uttar Pradesh, India
Company
About usContact UsServicesTrainingBrand Kit
Useful links
Cyber Security PolicyData Protection PolicyResponsible DisclosurePrivacy PolicyHall Of Fame
© 2000-2024, All Rights Reserved