We know you are a GREAT security researcher and ethical hacker and we want to reward you with a nice bounty for your efforts to secure and make attack-secure.com more safer!

If you are a security researcher, please review our responsible disclosure policy before reporting any vulnerability. If you believe you have found a security vulnerability on Attack-Secure, we encourage you to let us know right away. We will investigate all legitimate reports and do our best to quickly fix the problem.

Responsible Disclosure Policy

If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.

Bug Bounty Info

To show our appreciation for our security researchers, we offer a NICE bounty for certain qualifying security bugs. Here is how it works:


To qualify for a bounty, you must:

  1. Adhere to our Responsible Disclosure Policy (above)
  2. Be the first person to responsibly disclose the bug
  3. Report a bug that could compromise the integrity of Attack-Secure website, circumvent the security protections of Attack-Secure, or enable access to a system within the Attack-Secure infrastructure, such as:
  1. Cross-Site Scripting (XSS)
  2. Cross-Site Request Forgery (CSRF/XSRF)
  3. Broken Authentication
  4. Remote Code Execution
  5. Privilege Escalation
  6. Provisioning Errors

Our security team will assess each bug to determine if it qualifies.


  • Our GREAT reward for you is: Learn the Basics of Ethical Hacking and Penetration Testing Course.
  • Writing guest posts on our blog.
  • Add your name to the Thanks! section of this page.
  • If we run in to you at a security conference we’ll give you a high five and tell people how awesome you are.
  • Only 1 bounty per security bug will be awarded.


The following bugs are not eligible for a bounty (and we do not recommend testing for these):

  1. Denial of Service Vulnerabilities
  2. Spam or Social Engineering techniques


On behalf of over a billion users, we would like to thank the following people for making a responsible disclosure to us:

  • Jay Turla – https://twitter.com/shipcod3
  • Ajay Singh Negi – https://twitter.com/AjaySinghNegi
  • Prashant Kumar -https://plus.google.com/u/1/104091648558507933491
  • Ahmad ashraff – https://twitter.com/yappare
  • Atulkumar Hariba Shedage – https://twitter.com/atul_shedage
  • vinesh redkar – https://www.facebook.com/vinesh.redkar.5
  • Omer Butt – https://twitter.com/omerbutt26
  • Osanda Malith Jayathissa – https://twitter.com/OsandaMalith
  • Sebastian Neef – twitter.com/internetwache
  • Prajal Kulkarni – http://www.prajalkulkarni.com
  • devesh bhatt – https://plus.google.com/u/1/114157443749870574232
  • Danish Tariq – www.danishtariq.net
  • Yasser Ali- www.yasserali.com
  • Nitin Goplani – http://in.linkedin.com/in/nitingoplani
  • Evan Ricafort – http://www.evanricafort.com

Report a Security Vulnerability

Do you have technical details of a security vulnerability?

Please send everything about the vulnerability you found to this email ( [email protected] ) and we will reply to you within 24 hours!