© 2024 HackerHood

Bug Hunting e Disclosure

Responsible Disclosure e Bug Bounty Program

Entra a far parte del Red Team di Hackerhood

Le competenze in Hackerhood sono importanti! cerchiamo programmatori, penetration tester e bug hunter professionisti in grado di testare domini che dispongono di piani disclosure o policy di bug bounty. Candidati a hackerhood.rhc@gmail.com

Curzi Fernando Lucio

Pentester certificato CEH | eJPT | eCPPT , laureato in ingegneria formatica e sviluppatore

get started

Manuel roccon

Pentester e IT security consultant

get started

AlessandrO Molinari

Ethical hacker e Pentester

get started

Alcuni esempi di aziende che offrono programmi di “Responsible disclosure” o di “Bug Bounty”.

Nota Bene: Leggere bene la policy di Responsible Disclosure presente sul sito prima di iniziare ad effettuare attività di test di sicurezza

Responsible Disclosure Italiani

io.italy

https://io.italia.it/security.html

Revolut

https://www.revolut.com/it-IT/responsible-disclosure-program

Kiwa

https://www.kiwa.com/it/it/responsible-disclosure

Dimension

https://dimension.it/responsible-disclosure

Fastweb

https://www.fastweb.it/corporate/responsible-disclosure

TIM

https://www.gruppotim.it/it/footer/responsible-disclosure.html

Fastweb

https://www.fastweb.it/corporate/responsible-disclosure

European Central bank

https://www.ecb.europa.eu/services/responsible-disclosure/html/index.en.html

PagoPA

https://www.pagopa.gov.it/security.html

https://www.pagopa.it/it/responsible-disclosure-policy

CSI Piemonte

https://www.csipiemonte.it/it/responsible-disclosure-policy

IKEA Italia

https://www.ikea.com/it/it/customer-service/responsible-disclosure

Sky

https://www.sky.it/info/responsible-disclosure

Infoblu

disclosure

Fendi

https://www.fendi.com/it-it/legal-privacy-responsible-disclosure-policy

APP IO

https://io.italia.it/security.html

TransporeOn

https://www.transporeon.com/it/responsible-disclosure-policy

Sprout Social

https://sproutsocial.com/it/responsible-disclosure-policy

Ivanti

https://www.ivanti.com/it/support/contact-security

SplashTop

https://www.splashtop.com/it/responsible-disclosure

Crm in cloud

https://help.crmincloud.it/it/article/responsible-disclosure-of-security-vulnerabilities-program-nolppm

WorldLine

https://worldline.com/it-it/compliancy/responsible-disclosure-program.html

Choiche Hotel

https://www.choicehotels.com/it-it/legal/responsible-disclosure

Bug Bounty Program

Swisscom

https://www.swisscom.ch/it/about/sicurezza/bug-bounty.html

HostPoint

https://www.hostpoint.ch/it/bugbounty

N26

https://n26.com/it-it/bug-bounty-program

H&M

https://www2.hm.com/it_it/service-clients/legal-and-privacy/bug-bounty-program.html

Vivid

https://vivid.money/it-it/bug-bounty

Gnosis

https://it-gnosis.eu/it/bug-bounty

BitPanda

https://www.bitpanda.com/it/legale/bug-bounty

Just Eat

https://www.justeat.it/informazioni/bugbounty

Come segnalare un bug

Per prima cosa occorre redigere il report di disclosure ed inviarlo, utilizzando il template mail all’azienda.

Produzione del report di disclosure

Compilare il report di disclosure riportando i bug scoperti inserendo le print screen che evidenziano il problema utilizzando il seguente template:

https://docs.google.com/document/d/10whV2zZTiLofBcm0D3LuygAYwuzweIMx

Inviare la segnalazione

Inviare la segnalazione all’indirizzo presente nella pagina di “responsible disclosure” o del “Bug bounty”, utilizzano il seguente template: https://docs.google.com/document/d/1ch-CjMTBSdVKnCyAd6BX2CYigZiW6-0m 

© 2024 HackerHood. Created from a Red Hot Cyber project of ​​Curzi Fernando L. and Massimiliano Brolli