Responsible Disclosure Program

At Adda247, we believe that our products should be safe for all of our users. If you discover a security vulnerability in our platform, we appreciate your support in disclosing it to us in a responsible manner. Before reporting the vulnerability, please be sure to review our responsible disclosure policy. By participating in this program, you agree to be bound by these rules.

Reporting Guidelines and Rules:

  • To report a bug, fill out this form. We will get back to you within seven working days.
    Please include a detailed summary of the vulnerability, including the target, steps to reproduce the issue, tools used during discovery, and screenshots/video. If you have any questions, you can send an email to
    security@adda247.com. Only emails sent to this address will be considered valid for questions regarding the Responsible Disclosure Program.

  • Only reported bugs that were previously unknown to Adda247 and its subsidiaries will be considered valid.

  • Do not attempt to gain access to another user's account or data.

  • Do not brute force any of our services.

  • Your testing should not affect any service or user account.

  • Do not disclose a bug to anyone other than our official email ID, security@adda247.com, not even to our employees directly.

  • Adda247 employees and their family members are excluded from this responsible disclosure program.

Scope:

Out of Scope:

The following types of vulnerabilities are considered to be out of scope:

  • WordPress Blogs: bankersadda.com, sscadda.com

  • StudyIQ Blogs, other domains, and subdomains, other than those mentioned in the above scope list.

  • Phishing

  • Social Engineering

  • Denial of service attacks

  • Resource Exhaustion Attacks

  • Self-XSS

  • Clickjacking

  • User enumeration

  • Open redirect (unless chained to show an impact)

  • Reports from automated tools or scans

  • Logout CSRF attacks

  • Missing or incorrect SPF/DMARC/DKIM records

  • Missing security headers that do not lead directly to a vulnerability

  • Missing Cookie attributes

  • Insufficient Session Expiration

  • Server information disclosure / software version disclosure / unhandled error messages

  • Rate Limit on emails/SMS sent (email/SMS bombing)

  • Lack of jailbreak or root detection

  • Best practice TLS/SSL configuration

  • Issues that are related to partner applications/third-party services

  • Any other issues determined to be of low or negligible security impact.

Rewards:

  • We will reward you with a Hall of Fame entry and a Certificate of Appreciation for each valid bug report once the issue is fixed.

  • Based on the severity and impact of the reported bug, we may give an Amazon.in gift voucher.

*The decision to reward is solely at the discretion of Adda247. Adda247 may choose not to provide any reward if we feel the vulnerability is not critical and/or the submission does not follow the guidelines.

Legal Terms:

  • This program does not allow public disclosure.

  • Adda247 reserves the right to terminate or discontinue the Responsible Disclosure Program.

Hall of Fame:

We would like to thank the following people for helping us to secure our platform.

Thank you once again.

  • Lokesh Agrawal

  • Bhargab Kaushik

  • Finlay James

  • M. Arslan Kabeer

  • Mahima Mangal