Supademo Bug Bounty Program

Introduction

Welcome to the Supademo Bug Bounty Program! We believe in the power of community-driven security and welcome ethical hackers to help us improve the security of our platform.

We highly appreciate your efforts in finding and reporting security vulnerabilities to us. This document outlines the rules, rewards, and guidelines for participating in our bug bounty program.

Scope

Our bug bounty program covers vulnerabilities found within the Supademo platform, including but not limited to:

  • Authentication flaws
  • Authorization bypass
  • Cross-Site Scripting (XSS)
  • Remote Code Execution (RCE)
  • SQL Injection (SQLi)
  • Information Disclosure
  • Server-Side Request Forgery (SSRF)
  • Security Misconfigurations

Vulnerabilities found in third-party services integrated with Supademo are not within the scope of this program.

Rules and Guidelines

  • All reported vulnerabilities must be new and previously unreported.
  • Do not exploit any vulnerability beyond what is necessary to prove its existence.
  • Respect user privacy and comply with all applicable laws and regulations.
  • Do not engage in any activity that could harm the availability or integrity of our services.
  • Report any vulnerabilities promptly and provide clear, detailed explanations and reproducible steps.

Rewards

The rewards for valid vulnerabilities will be determined based on their severity and impact on our platform. Rewards may include monetary compensation, recognition in our Hall of Fame, or merchandise.

Please note that only the first reporter of a particular vulnerability will be eligible for rewards.

Reporting

To report a vulnerability, please send an email to engineering@supademo.com with the subject line "Bug Bounty Report". Include a detailed description of the vulnerability, along with any supporting evidence such as screenshots or proof-of-concept code.

We will review your report promptly and keep you updated on our progress. Please allow us a reasonable amount of time to investigate and address the reported issue.

We thank you for your contributions to the security of Supademo!