CrowdShield rewards security researchers and ethical hackers for any OWASP TOP 10 vulnerabilities or major security bugs affecting crowdshield.com. This includes the following static point structure:

• SQL Injection
• Cross Site Request Forgery
• Cross Site Scripting
• Remote Command Execution
• Authentication Bypass
• Buffer Overflows
• Open URL Redirects
• Local and Remote File Inclusion
• Privilege Escalation
• Session Security and Cookies
• Other

Out of scope

• DoS vulnerabilities
• SSL vulnerabilities
• X-Frame Headers Missing
• Web software enumeration (ie. Apache, PHP versions, etc.)
• CSRF on login or subscribe pages or non-critical functions

For testing purposes, feel free to send all fuzzing requests the test bounty page at http://crowdshield.com/bounty_list.php?bounty_id=12 and not to the main CrowdShield bounty page.

Disclaimer

Do not spam or DoS any services or users of the site or your IP will be automatically blocked and your account will be terminated immediately. We encourage users to manually crawl and test the site, forms, parameters and software security but we do use a WAF that does block for given thresholds so keep that in mind. Brute forcing the login page will result in a 24 hour suspension of your account so avoid brute forcing user accounts at all costs.