Author

Topic: ANNOUNCEMENT: PikaPay.com Vulnerability Bounty Program (Read 588 times)

full member
Activity: 164
Merit: 101
@PikaPay - Easy as a Tweet!
Since our last bounty announcement on September 18, 2013, we are pleased to announce that only one actual vulnerability has been reported on PikaPay. We nevertheless want to acknowledge all of the following security investigators who have sent in findings that we found especially interesting and useful. We have paid out rewards for each of these cases because we value the time, attention and insights that these particular contributors have submitted.

PikaPay says thanks for the following:

* The lone XSS vulnerability was discovered by Michael Blake.

* A low-impact _xsrf cookie-related issue involving a web framework we use submitted by a security researcher who has not yet requested acknowledgement. Unless we hear from him we will make a donation on behalf of his security submission to Project Pika.

* A report that certain server header information had been revealed was sent in by Sahil Saif.

* A minor Javascript bug that caused a page to continue loading longer than needed was found by Ben Holden-Crowther.

* The implementation of HSTS headers was suggested by Anand Prakash.

We appreciate the effort these security experts have contributed and thank them for their participation in our vulnerability bounty program.
Jump to: