Thank you for all that you do
On behalf of over 3 million ZebPay users, we would like to express our heartfelt gratitude to all those listed in our Hall of Fame for their efforts in keeping the platform secure. We look forward to your continued participation in our Bug Bounty Program.View leaderboard
- Send your report to firstname.lastname@example.org.
- Description of the issue, potential impact of the vulnerability along with details of the mobile device (Make and Model) and browser used for the website vulnerability.
- A detailed description of the steps required to reproduce the vulnerability with suitable snapshots and video(s).
Out of Scope
- Any targets besides the ones mentioned above.
- All third party applications used at ZebPay
- The ZebPay static website (www.zebpay.com)
- Please use your own account for testing or research purposes. Do not attempt to gain access to another user’s account or confidential information.
- Please do not test for spam, social engineering or denial of service issues.
- Your testing must not violate any law, or disrupt or compromise any data that is not your own.
- Multiple vulnerabilities caused by one underlying issue will be awarded one bounty.
- Providing us a reasonable amount of time to fix the issue before publishing it elsewhere.
- In order to encourage responsible disclosure, we promise not to bring legal action against researchers who point out a problem provided they do their best to follow the above guidelines.
- Every valid security bug qualifies for rewards based on the severity of the identified bug. The severity of the bug, and the corresponding reward depends on the criticality of the issue and will be determined at the sole discretion of our security team. All changes to the code and/or to the configuration ensures an entry to our Hall of Fame. All changes with higher severity levels get further rewarded with a SWAG or cash payouts (as per the below table) of up to $1000 depending on the severity of the bug as well as its immediate effect on the ZebPay infrastructure.
|Low||Hall Of Fame|
|Low-Med||Swag or Goodies|
|Medium||$50 to $100|
|Med-High||$100 to $500|
|High||$500 to $1000|
- Confidentiality is very important to us at ZebPay and we will keep all information related to any disclosure, confidential.
- In order to protect customer privacy, ZebPay does request that you not post or share information about a potential and unverified bug / vulnerability on any public platform. In case of any unverified public disclosures, ZebPay reserves the right to initiate legal proceedings against individuals.