HYPR
External Program
Submit bugs directly to this organization
HYPR
In order to request credentials for the HYPR platform please submit your handle and email in this form.
Main subdomain for testing: https://hypr28135.gethypr.com/ or https://pentesting5.gethypr.com/
Additional subdomain to test against cross-tenant access: https://pentesting2.gethypr.com/ / **https://hypr57932.gethypr.com/ **. Valid user for this tenant: [email protected]
Other subdomains may be running older HYPR versions and bounties might not be applicable as described on this policy.
You will receive and invitation email from HYPR to create an account. Please note you'll need to install the HYPR app from Google Play or App Store in order to create an account and login to our web platform, alternatively you can use passkeys to register and login. The invitation email includes the links to download the proper app for your phone.
An admin account will be created for you and you can add as many users as you'd like once you create your first account.
Please do not delete any data that's already in the platform. You can edit and delete any data that you add but please don't delete anything previous since this is a shared environment.
Please review the attached pdf that contains a quick-start guide as well as what our main security concerns are: F1872893
We have one mission and that is to create a passwordless world. For us, security isn’t just about keeping the bad guys out. It’s about protecting people in everything they do, wherever they are.
HYPR founders realized passwords will continue to be the hackers’ favorite target unless something is done about it. They saw it as an opportunity to approach security in a brand new way. What if our everyday smartphone can be used to change the security and user experience landscape? That became the launching pad for HYPR.
Our global team comes from software, information security, and digital identity backgrounds to deliver security that’s meant for everyone. United by the common mission to create a passwordless world, we maintain a work ethic that prioritizes our customer’s success and growth.
HYPR looks forward to working with the security community to find vulnerabilities in order to keep our businesses and customers safe.
HYPR will make a best effort to meet the following SLAs for hackers participating in our program. Please expect responses Monday through Friday during EST business hours:
| Type of Response | SLA in business days |
|---|---|
| First Response | 5 days |
| Time to Triage | 10 days |
| Time to Bounty | 60 days |
| Time to Resolution | depends on severity and complexity |
We’ll try to keep you informed about our progress throughout the process.
Our rewards are based on severity per CVSS (the Common Vulnerability Scoring Standard). Please note these are general guidelines, and reward decisions are up to the discretion of HYPR.
All documentation for the HYPR platform is located at the HYPR Docs Website.
You can download these applications directly from their appropriate application stores.
#Out of scope domains support.hypr.com help.hypr.com partners.hypr.com
Any activities conducted in a manner consistent with this policy will be considered authorized conduct and we will not initiate legal action against you. If legal action is initiated by a third party against you in connection with activities conducted under this policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Thank you for helping keep HYPR and our users safe!