Bug Report Guide

Welcome to arabesports test phase! If you have any feedback or suggestions or want to report a bug, you can reach out to us on Discord

updated at: 2020-09-20 04:54

Bug Bounty Program Page: https://www.openbugbounty.org/bugbounty/arabesportsdevs
 


Policy

Arabesports welcomes working with the community to resolve UI bugs, logic bugs, and security vulnerabilities in order to keep our customers safe and our application working.

We will make a best effort to respond to incoming reports and keep you informed about our progress toward resolving any issues.

 

Vulnerability Disclosure:

 

If you have identified a potential UI bug, business logic bug, or security vulnerability in our technology, please send us a detailed report with reproducible steps at:

bug@arabesports.com

Make a good faith effort to avoid privacy violations, destruction of data, and interruption or degradation of our service. Only interact with accounts you own or with explicit permission of the account holder.

 

Scope:

 

Any production public-facing website owned & operated by Arabesports. Any application published by Arabesports.

 

- https://arabesports.com

 

Restrictions & Exclusions:
 

The use of automated scanning against the website or API is strictly prohibited and will result in IP bans along with rejection of any findings.

 

The following issues fall outside the scope of our BBP:

- Social engineering attacks (e.g. phishing, vishing, smishing)
- Physical attacks on Arabesports's office or data centers
- Denial-of-Service attacks
- Brute force attacks
- Beta or other pre-production/testing environments
- Third-party hosted applications (e.g. status pages, customer support systems)
- Outdated TLS configurations that remain in place to support legacy Android
- Clickjacking attacks without a documented series of clicks that produce a vulnerability
- Email (including SPF/DKIM/DMARC)
- Missing HTTP headers, unless a vulnerability can be demonstrated
- Assumed vulnerabilities based upon version numbers only
- Insecure cookie settings for non-sensitive cookies
- Bugs requiring exceedingly unlikely user interaction

 

Arabesports reserves the right to make the final decision on the classification of all vulnerability reports. We may mark reports as duplicate, non-applicable or otherwise, at our own discretion.

 

Rewards:

 

Rewards range from 5 USD gift cards up to 500 USD for high-risk security vulnerabilities.

 

~ snwlol