Join top banks and insurers using Unqork to build AI-powered apps without code or tech debt. Unqork: Build enterprise apps 4x faster, 10x more secure, at a fraction of the cost.
External Program
Submit bugs directly to this organization
Vulnerability Disclosure Program Unqork is in the business of developing secure no-code solutions. We appreciate any effort done by security researchers to discover and responsibly disclose potential vulnerabilities. Depending on the severity of the issue, we may elect to provide a reward or add your name and social media contact to our hall of fame.
If you would like to report a vulnerability in one of our products or services, or have security concerns regarding Unqork software or systems, please email [email protected].
To support a timely and effective response to your report, please include the following:
Unqork takes all vulnerability reports very seriously and aims to rapidly respond and verify the vulnerability before taking the necessary steps to address it. After an initial reply to your disclosure, which should be directly after receiving it, we will update you periodically with our response and remediation status.
Scope Vulnerabilities associated with the below domains or the Unqork No Code Platform is within scope.
*.unqork.com
Below are the list of vulnerabilities that generally qualify to receive a reward or hall of fame:
Out of Scope Testing should not be conducted against any of our customer environments or against our employees. If there is any evidence of malicious activity, we reserve the right to reject any recognition or rewards associated with the report. Do not perform automated scans against the environments in scope, any findings from automated scanners are not in scope.
Vulnerabilities associated with the below domains or the Unqork No Code Platform is not within scope.
Security issues related to Unqork-owned domains/properties that we have already assessed for risk and will address in future are generally out of scope and include the following:
PGP Public Key It is highly recommended to use Unqork's PGP key to send reports to us. Below is our public key:
-----BEGIN PGP PUBLIC KEY BLOCK-----
xsFNBGLYNsUBEADeRaQQJR0H6Zyjm3MMSoNX5ZsbjR38kVQ0wJINVk3a13b6 HQ+m6NWVS2HzbR5GtsWZIiy4JjhmD7e+hqMhSr10hEX9GKhO46HO/uuy943A o+E4529CpRe/POKU1Tj5htgauCfq2eMqswRHej20wCF/ctRjA+inSFh5MgmT UOLtsJZt/PjU5HSwDI1YyqJnwhl04IgwUQe+5jA0an0W3cFlh6J+p8Q8D55v EIhGHnGRh/Rkr8Zue21yTAvhC7TqhOCmfUaXcUQse5/rsYGsEC+LmPantYWo el8ca3W9p/gPcOI60roU7fXtiHWV8h++lzZMwX8wK45+d817IWKsl5ZuyIRA nfvu4ph66LoAEXGrU6sv/sW8LsCdkizhvi9kypPciaQ3K+KAhIhg7gkKM0Ed A6lvph2YmXDaKpMzJgk6RSZRHObFBy9lg7p7T7UhhIvAIhAG/mJ4IYflpLrw uGivinKO9aN5WBTXUamPG0aFrUvEN6jE7sXyVW6a+TWycJe3Nb5yUqnmT+QO oYX4ftKtpneU97opwo1YinvNC3LmC51xEu9TuUXnMntmFaLoNV1l9AWXVkq3 z96bVjFlfuBWPYxTva3NXvIy+CxNLzw8+bnvKzvqREGlDtWsSHoGUnpIAs0S Ngmf7L/Rhx/XmMu6ONa2YYDjHpNarljRBNEIJwARAQABzSNQcm9kdWN0IFNl Y3VyaXR5IDxwc2lydEB1bnFvcmsuY29tPsLBigQQAQgAHQUCYtg2xQQLCQcI AxUICgQWAAIBAhkBAhsDAh4BACEJEB00CcQVQjGMFiEESdsg76MjLYHgSE/7 HTQJxBVCMYzlQA//Q2jq1oNvxRsew52iX9RQE2uWiq1UQ1jFkzp04fy84UeG IfTYRKckKiEfkJSNi6UhKTNdNi+EyOIuKEPaK71cwC3KjTumfR+67XNtTTce rs7armYkY03FDRMAFiAnG6gJs4Gaf5E6t/wvEmqd7eSP6v0lNi9J9wihK2ZB cJSVHf+07nWG3dyS8wBNxQVfxtKNTE2S7OsjV9aE/aJz+f0XUSPpBvozeQgI /GiOz0zaarke2TYPMOtZsI+pGxFIRb5nXg1SGdTQIoRULzTzQAe8I2uB3tXC 3R0lSOI84T9857TDMsGYH43PhPzAnY9L2dKM1GYXUobvoeAHCWgGHsDBR2LU nJNeE5RaeyTyHuNCjpMhBoHtK5Tv+xGNuAg28iDVRqfdqp/CtfQ5HDFZMfGg Xjbioh6pLwbtS83j1IiBT6zTzAXTMabwIIVYkKNV8rZ71FSrFfXMxZhMw4+F j/EcY10bQwDWzNPH8LJej00K336fY/oXmpdiWf8gqU8Jn4PvRhdzKqdT6JWL ZQFo6hUUtSF65WAHLaWZXpqnwvteX5LCxe31B6P1ySMdfjZIvksqVjRRkNRG y5fMcH0WEqVJ3WOK1G2KkFyDz+ifY5GbbAxCtH6kDNPxpMiyQAA+pRRvIwi3 HZFE8/dv6WN6s65S719U9x2iES265RtDWuDa2NbOwU0EYtg2xQEQALw3p70X cpSMvijMeI7ZtIITJzWEKwA5t4LVUWOrzum7mYFJNG4wlmsnIKTd2087x9AN JTwdmzhHjyBnHmmQEwEDiyg5txXgo7cZiikV/0AwvdYqwfnw+o73gd9A1ak6 aXhLqXDdCpaqyJE4akqXUuRqO2KxE8rG/6uaoIKnr8WvvMAFBPrRUtilXSfJ 19kqwTi6vwB9TE65o1yfc4vzqXqDs6V1bH3HQ45mX/KV4lXf8sHY3LQdnsV2 TefSQp+vGVgkYmZwC95dtWIMX6R+JfIHEypgiOmfJqy3JjuMn9PultEbpwzP gSpo5ogPah+YNmT12tN1COkj4hz3O67gi3LHIvm7ca2XUV7MsqGAIgi/DncZ Ndn6xnAGBgHmkJrhJq3IETELWpCGDsBzdpYFzlTM/IfEjaLYO1/uTgR6R8zV BZTDWcaLXKZ0vxsOUZUi/eoIBVtF4BL1+CALIwvLUs7tXNhRB9+Fi4HhzB/y xcW2et90djbK0YqTmU4CYNzKXIWRzSe5JrRj/QhlIr6b3g823Lwc/fZjNqBk s4JLVYoxhGI4v+Q8GZ1zKfuXJGJvIvHyUSh6y8wqeD2UjqSvwph8doz3/YuF 7faHJYPfng8ZD7ZIil8xS6w2A9YG+fBXZlqHvQAi+vcG0AKRkB0LY3n4O6kW HvFbcVvHFGqVzwX1ABEBAAHCwXYEGAEIAAkFAmLYNsUCGwwAIQkQHTQJxBVC MYwWIQRJ2yDvoyMtgeBIT/sdNAnEFUIxjOy/D/4nM34OuwFmDv3GRq5VBAAq 8UEoBKvdPpVsw27IMFqMQxCkBjNH5ZasYqc+4evktqjdM/1Li2DS8p/ZUMRC MWRcoX1/CzAaGNJMnEZmCiHu84aTwnNLxve4ehGhcXMlckRx//tt6HURzq9f /i6oMZLc6xIAMQb9mvMq9aG1clyGkHW+SR1o9l3b7H37+a4eXnZa7OaoayBL YIGV8kBooZUREQAmcjAHB8bM3jJ4seKYgLaEqf5BpC0N7oSrce4UC0SC0Gjg 7WUbRXVRWmBipV4xsA6ukgS0kXofXSovPSmt/z4Spp2rmjLfzj4mHuRApu27 8tp4wVeh3BnHjwCWlCp9SemLodHw1Za0LOmRWhsV4dfp+kwO/fuDerwsX3Lh aQ5JOSXIPxmTVjeub1weEJ6Cq2AANfP4tGlWkCQw2d+j+lHry6F92EQ2suAm i2zI0ayxP8v9jF44D1lziDnK8JvKvVBHtuN1Xk3vV5iGaLEAT08c5U+e3IY4 tI/w5te+bNOjoyPapfQrYlMkXe2ZWYh0OOqrry1ebSR0bdNv3f3HgxjYq0JY 5nhmuVX3la/m9lXNpZmjRlNOInhYN9qZWoSSVpQqAaSzF/bnXU5qU/l27Zv9 quq8bWkfP2GWo2sjqwJorCrjIW/RD950hcZzPwJ1tL/rQkwd9GNYEx8YzRO0 wg== =FiVd -----END PGP PUBLIC KEY BLOCK-----
Disclosure Policy We are unable to issue rewards to individuals who are on sanctions lists, or who are in countries on sanctions lists.
This is a discretionary rewards program. You should understand that we can cancel the program at any time and the decision as to whether or not to pay a reward has to be entirely at our discretion.
Your testing must not violate any law, or disrupt or compromise any data that is not your own. Vulnerability reports must be kept strictly confidential between yourself and Unqork.
Do not use the vulnerability to exploit more than necessary to demonstrate the vulnerability.