Bug Bounty - UE-Varna

About the program

Why does such a program exist?

We may not realize it, but almost every action we take is tied in some way to digital information and its management. In our role as creators of the systems and programs of the University of Economics - Varna, we from the team of CRANICT strive to create another facilitation or optimization. But accustomed to human imperfection, we can inadvertently miss a check or part of an algorithm that exposes personal data to external attacks. The goal of this program is to create a quick channel where anyone can put on their white hacker hat and tell us how to make UE-Varna's systems more secure. We want to know if the protection of our sites is strong enough and if a malicious user can access information that could harm us. If you think computer security is your strength, see how you can win a prize by helping us find a potential vulnerability.

Scope of Services

While every single system is important to us, finding security holes on the following university platforms is a priority for now:

How does the program work?

Once you find a bug, report it using the form at the bottom of the page
As soon as possible, we will look into the problem in detail and try to find a solution
We will let you know about the resolution of the bug and ways to claim the prize won

What do we mean by "bug"

Exposure of sensitive data - Cross Site Scripting (XSS), SQL injections, etc.

Vulnerabilities related to authentication or session management;

Execution of code on a server (Remote Code Execution).

Another type of vulnerabilities that do not correspond to the above categories, but nevertheless pose a risk to the personal data of the users of the systems.