Report security issue

We know how much work goes into pen testing!

To avoid frustration, you can check out these common non-vulnerabilities that don't qualify for rewards.

Got a valid issue? Awesome! Please include:

  • A summary of the problem
  • A severity rating from 1 to 5 (1 being least severe, 5 being most severe, i.e. you can easily hijack, impersonate or access any other account or data)
  • A PoC or breakdown of how to replicate the issue
  • The operating system name and version, as well as the web browser's name and version, that you used to replicate the issue

Send to security (at) ethicontrol.com

GPG Encryption

If you plan to provide access tokens, secure cookies or sensitive data as an example, we kindly ask that you GPG-encrypt your email. Here is our public GPG key.

Rewards

We're eternally grateful to all those who put in hard work to identify weaknesses within Ethicontrol. For reports that are not common non-vulnerabilities, we like to reward those who responsibly disclose vulnerabilities with an acknowledgement, swag or bounty money.

Acknowledgements

We appreciate the work that goes into finding and disclosing security flaws in Ethicontrol and would like to thank the following individuals and organizations:

  • Alexey Yankovsky, ISACA

    We've been working closely with Alexey and his team at ISACA Kyiv Chapter to identify key weaknesses within our app. They've continuously proven to be experts in identifying weaknesses. They have helped us identify and resolve potential security holes such as account hijacking, access token leaks, XSS and CSRF exploits.

Ethicontrol OÜ
Tornimäe 5, 2nd Floor, 10145 Tallinn
+1 (302) 451 94 55
+372 668 2755
+7 (499) 348 90 95
+38 (044) 393 58 34

info@ethicontrol.com