Headquartered in Dublin, Ireland, we started ZSdev to offer you our 6+ years of experience creating and maintaining online content. Our history is deeply rooted in cyber security so you can rest assured that the security of our products comes first. ZSdev will deliver the website/platform your business needs to compete in today’s ever-changing landscape. View our portfolio or contact us today!
Currently, only the main ZSDEV website zsdev.com is included within the scope.
All subdomains of zsdev.com are included too (*.zsdev.com).
Do NOT run automated scans with tools like ZAP, Burp Scanner, Acunetix and such. You will not be awarded a bounty if we detect that you used automated tools even if you report a valid bug!
All domains/subdomains/subnets not explicitly stated as in scope are considered out of scope.
The following vulnerabilities are considered out of scope:
- Social engineering attacks.
- Brute-force / dictionary attacks.
- Non-sensitive Clickjacking.
- Non-sensitive CSRF (login / logout).
- Vulnerabilities without a POC (Proof of Concept).
- Physical access dependent attacks.
- MITM dependent attacks.
- Best practices in SSL/TLS configuration, implementation, etc.
- Industry standards and policies.
- Disruption of the service or the website (for example, DoS attacks, mass scans, etc.).
- Rate-limiting issues.
- Automated reports from tools like nmap, Nessus, etc.
Please ensure the submitted vulnerabilities / bugs are reproducible.
Provide as much information as possible and add screenshots when needed. Clear reports get validated quicker, and therefore you’ll get your bounty faster.
Do not share any information / data related to the tests you carry out without permission from ZSDEV.
- Low – $50
- Medium – $200
- High – $600
- Critical – $1000
Submitted reports will first be reviewed by a member of the Bug-Bounty.com team, who will validate them, determine their severity and suggest an appropriate bounty to the program creator. The report will only become visible to the program creator once they reward you. Bug-Bounty.com reserves the right to make the final decision on the severity of the submitted bugs and their worth. To give you an idea, below are some common vulnerabilities and the categories they usually fall under.
Please note this list is not exhaustive. It is up to the reviewer to decide the category the discovered bug falls under. Depending on the actual bug, a low vulnerability can be deemed high and vice versa.
- Minor information disclosures.
- Broken session management.
- Non-dangerous CSRF.
- HTML injection.
- Open redirect.
- DOM XSS.
- Broken session management.
- Sensitive information disclosures.
- Dangerous CSRF.
- Invalidated redirects.
- Reflected XSS.
- Vulnerable authentication.
- Privilege escalation.
- Stored XSS.
- Local file inclusion.
- SQL injection.
- Remote file inclusion.
- Remote code execution.