Wamba
External Program
Submit bugs directly to this organization
Wamba
Wamba invites you to take part in Wamba Bug Bounty Program, which aims to search for possible vulnerabilities of our service. We give a reward for each vulnerability found, and add the names of users who successfully found them to our Hall of Fame.
Present and former company staff as well as their relatives and friends are not allowed to participate in the programme.
We accept reports of various types of bugs in the Wamba Web Service and mobile applications for iOS and Android. These may include:
This list is not complete – if you find any other bug that could compromise Wamba service user data, or prevent it from working – make sure you tell us about it.
We subdivide our services into critical and other services. To critical services we refer user authorization, personal users’ data storage and payment system.
Critical services:
Other services:
In special cases the reward value for disclosure can be increased. Payment to non-Russian citizens is possible only via PayPal. Please note that only the first who reported the problem gets the reward.
We expect adherence to the principles of responsible disclosure by the users who search for vulnerabilities on the Wamba service. This means that a person who discovers a vulnerability and reports it via the form will not disclose information about the vulnerability to third parties whilst the bug is being fixed. Members of the program should not in any way disclose information that has been obtained as a result of their research. This includes users’ personal data, as well as any other information that could affect the Wamba service.