EC-Council Bug Bounty Program
EC-Council welcomes all the ethical hackers across the globe to participate in the EC-Council Bug Bounty program and collaborate with us in enhancing the security of our infrastructure. While we do our best, sometimes, certain issues escape our attention and may expose our applications to certain exploits.
We believe in working with the research community across the globe as it is a crucial part of identifying and mitigating security vulnerabilities in our products and technologies.We understand that this process is both challenging and time consuming and as such,we incentivize security researchers who report security vulnerabilities in our applications. This enables us to provide a coordinated response and helps us minimize the risk to our constituents.
If you believe you’ve found a security vulnerability in any of our applications, we encourage a responsible disclosure and invite you to work with us to mitigate the vulnerability. This document outlines the scope of the Bug Bounty program.
Terms and Conditions
Target / Scope
All EC-Council’s websites including sub domains and any third party web properties inside EC-Council’s websites.
Out of Scope
Websites which are in beta/under development/staging sites and third party websites/services for which EC-Council acts as a subscriber for resource sharing.
Who can participate ?
If you are above 15 years, you are eligible to participate in the program. Candidates under the age of 15 should obtain a permission from their parent/guardian before participating in the program.
Security professionals working for an organisation should ensure that their organisation permits to participate in the Bug bounty program.
Vulnerable Domain/URL: Severity: low, medium, high (as per owasp top 10)
Proof-of-concept: private video, screen shots with explanation for the vulnerability
Impact of the vulnerability: Explain if this vulnerability can be exploited supporting the above proof-of-concept
Steps to reproduce the issue:
While finding bugs can be fun and educational, it also gives you the opportunity to get exclusive rewards.
When you find a security vulnerability, it gives us the opportunity to improve the experience for our users. Based on the severity of the issue that you identify and how they contribute to the enhancement of our applications, you will qualify for a wide range of exciting rewards mentioned here.
Note: EC-Council reserves the right to modify the program rules or cancel the bug bounty program without notice at any time. The final decision on bug eligibility and deeming any submission invalid will be made by EC-Council.
Violating any of the agreed policies would require the candidate to return any bounties rewarded for the particular vulnerability and disqualify them for future disclosures.
|1) Certificate of Appreciation||All|
|2) Inclusion in Hall of Fame||All|
|3) 50% Discount on Any Courseware||Medium High|
|4) 1 year Membership Waiver||Medium High|
|5) 50% Discount on Any Exam||High|
"*" indicates required fields