EC-Council Bug Bounty Program

EC-Council welcomes all the ethical hackers across the globe to participate in the EC-Council Bug Bounty program and collaborate with us in enhancing the security of our infrastructure. While we do our best, sometimes, certain issues escape our attention and may expose our applications to certain exploits.

We believe in working with the research community across the globe as it is a crucial part of identifying and mitigating security vulnerabilities in our products and technologies.We understand that this process is both challenging and time consuming and as such,we incentivize security researchers who report security vulnerabilities in our applications. This enables us to provide a coordinated response and helps us minimize the risk to our constituents.

If you believe you’ve found a security vulnerability in any of our applications, we encourage a responsible disclosure and invite you to work with us to mitigate the vulnerability. This document outlines the scope of the Bug Bounty program.

Terms and Conditions

Target / Scope

All EC-Council’s websites including sub domains and any third party web properties inside EC-Council’s websites.

Out of Scope

Websites which are in beta/under development/staging sites and third party websites/services for which EC-Council acts as a subscriber for resource sharing.

Who can participate ?

If you are above 15 years, you are eligible to participate in the program. Candidates under the age of 15 should obtain a permission from their parent/guardian before participating in the program.

Security professionals working for an organisation should ensure that their organisation permits to participate in the Bug bounty program.


Vulnerability Title:

Vulnerable Domain/URL: Severity: low, medium, high (as per owasp top 10)


Proof-of-concept: private video, screen shots with explanation for the vulnerability

Impact of the vulnerability: Explain if this vulnerability can be exploited supporting the above proof-of-concept

Steps to reproduce the issue:


Bug Classes
The following are excluded from the reward program:
Responsible Disclosure


While finding bugs can be fun and educational, it also gives you the opportunity to get exclusive rewards.

When you find a security vulnerability, it gives us the opportunity to improve the experience for our users. Based on the severity of the issue that you identify and how they contribute to the enhancement of our applications, you will qualify for a wide range of exciting rewards mentioned here.

Note: EC-Council reserves the right to modify the program rules or cancel the bug bounty program without notice at any time. The final decision on bug eligibility and deeming any submission invalid will be made by EC-Council.

Violating any of the agreed policies would require the candidate to return any bounties rewarded for the particular vulnerability and disqualify them for future disclosures.

Rewards Severity
1) Certificate of Appreciation  All 
2) Inclusion in Hall of Fame  All 
3) 50% Discount on Any Courseware  Medium High
4) 1 year Membership Waiver  Medium High
5) 50% Discount on Any Exam  High

Report Bug

"*" indicates required fields

Please select your country from the drop down menu.
What is the subject of the request
Please enter the details of your request. A member of our support staff will respond as soon as possible.
Max. file size: 128 MB.