At SecureWeb, we prioritize the security of our online assets and value the contributions of ethical hackers and security researchers. Secureweb Vulnerability Disclosure Program outlines how to responsibly report security vulnerabilities in our systems. Help us keep SecureWeb safe by identifying and reporting potential vulnerabilities.
1. Scope
Our Vulnerability Disclosure Program covers all digital assets within SecureWeb‘s online presence, including:
- SecureWeb websites (e.g., secureweb.ma & hack.secureweb.ma)FFFFFF
- Web applications plugins and tools developed by SecureWeb
The following actions are prohibited during testing:
- Distributed denial of service (DDoS) attacks
- Spamming or phishing attempts
- Physical security tests (e.g., facility breaches)
2. How to Report a Vulnerability
If you discover a security issue, report it by:
- Emailing the details to [email protected].
- Providing comprehensive information, including:
- Detailed vulnerability description
- Steps to reproduce the issue
- Supporting files (e.g., screenshots, logs, videos)
- Potential impact assessment
We aim to acknowledge your report within 2 business days and begin an investigation promptly.
3. What to Expect After Submission
Once a report is submitted:
- We will investigate the vulnerability as soon as possible.
- You will receive updates on our progress.
- Valid issues will be addressed in a timely manner.
We request that you:
- Keep the vulnerability confidential until it has been resolved.
- Allow us enough time to fix the issue before public disclosure.
4. Acknowledgments in the Hall of Fame
While SecureWeb does not offer monetary rewards at this time, security researchers with valid reports will be recognized on our Hall of Fame page: Hall of Fame.
5. Responsible Disclosure Guidelines
To ensure responsible vulnerability disclosure, please:
- Avoid exploiting the vulnerability beyond the proof of concept.
- Respect the privacy of SecureWeb users by not accessing their data.
- Minimize disruption to services while testing.
6. Exclusions from the SecureWeb Vulnerability Disclosure Program
The following issues are not within the scope of this program:
- Social engineering or phishing techniques
- Vulnerabilities in third-party services not operated by SecureWeb
- Issues related to outdated or unsupported browsers, plugins, or software
Contact Information
For further clarification or to submit a vulnerability, contact us at [email protected]