PayPal Announced Paid “Bug Bounty” Program for Security Researchers
Giant in payment services provider PayPal recently announced the launch of a new paid bug bounty program where PayPal will reward security researchers who will discover vulnerabilities in its website with handsome amount of money. In the official blog PayPal's Chief Information Security Officer Michael Barrett said- "The security of our customers’ data is our number one priority" Its very obvious and clear that while enhancing more security PayPal took this step because we all know that PayPal is listed among those sites where cyber-criminals always kept their eyes.
If you are a security researcher, and you've discovered a site or product vulnerability, please forward your details to sitesecurity@paypal.com. We also like to give you reminder that before PayPal- Facebook, Google & many other has already started this paid bug bounty program.
-:PayPal Bug Bounty Program In Details:-
- PayPal security team will determine the bounty amount and all decisions are final.
- Bounty is awarded to the first person that discovers the previously unknown bug.
- The bug bounty program is subject to change or to cancellation at any point without notice.
- Bug bounty is valid for the following site: www.paypal.com.
- Payment is paid out through a verified PayPal account, once the bug is fixed.
- For all submissions, do not send personal information in your report and please use PayPal's PGP key to encrypt your email.
- Individuals from sanctioned countries are not allowed to participate in this program.
- eBay Inc. employees, contractors and their immediate relatives are not allowed to participate in the program.
Vulnerabilities That Are in Scope:
- XSS
- CSRF/XSRF
- SQLi
- Authentication bypass
Note: While "Logout CSRF" is a well-acknowledged issue, there are other techniques like "cookie forcing" and "cookie bombardment" that can make it futile to defend against this attack. Also, PayPal's web sessions are relatively short lived and hence the Bug Bounty panel will not consider reports of the ability to log out users from PayPal as qualifying for the reward.
In Your Bug Submission Email, Please Include The Following: - Your email address
- Your PayPal account (in order to receive the bounty)
- Vulnerability type (i.e., XSS, CSRF, SQLi, etc.)
- Vulnerability Scope: Domain(s), URL(s) and Parameter(s) impacted
- Steps to reproduce bug
- Share the security issue with us before making it public on message boards, mailing lists, and other forums.
- Allow us reasonable time to respond to the issue before disclosing it publicly.
- Provide full details of the security issue.
Terms for Participation :- As between eBay Inc. and the Submitter, as a condition of participation in the PayPal Bug Bounty program, the Submitter grants eBay Inc., its affiliates and customers a perpetual, irrevocable, worldwide, royalty-free and non-exclusive license to use, reproduce, adapt, modify, publish, distribute, publicly perform, create derivative work from, make, use, sell, offer for sale and import the Submission for any purpose. Submitter represents and warrants that the Submission is original to the Submitter and Submitter owns all rights, title and interest in and to the Submission. Submitter waives all other claims of any nature, including express contract, implied-in-fact contract, or quasi-contract, arising out of any disclosure of the Submission to eBay. In no event shall eBay be precluded from discussing, reviewing, developing for itself, having developed, or developing for third parties, materials which are competitive with those set forth in the Submission irrespective of their similarity to the information in the Proposal, so long as eBay complies with the terms of participation stated herein.
For additional information click Here
LINK TO OUR HOME PAGE :
Voice Of GREYHAT is a non-profit Organization propagating news specifically related with Cyber security threats, Hacking threads and issues from all over the spectrum. The news provided by us on this site is gathered from various Re-Sources. if any person have some FAQ's in their mind they can Contact Us. Also you can read our Privacy Policy for more info.
Thank You !
-Team VOGH
If you enjoyed VOGH News, Articles Then Do Make sure you to Subscribe Our RSS feed. Stay Tuned with VOGH and get Updated about Cyber Security News, Hacking Threads and Lots More. All our Articles and Updates will directly be sent to Your Inbox. Thank You!
-Team VOGH
Categories:
NEWS
,
security-news
