Do | Don’t |
---|---|
Use only your own Appcharge test accounts. | Modify, delete, or exfiltrate data that isn’t yours. |
Limit automated tools to ≤ 15 requests/sec and set your User-Agent to appcharge-bugbounty-your-email@ . | Run brute-force, denial-of-service, or resource-exhaustion attacks. |
Probe our services responsibly. | Target Appcharge employees, customers, or facilities (no social engineering, phishing, or physical intrusion). |
Heads-up: Scans with high QPS trigger automatic blocks. Reinstatement can take time, so please configure it correctly.
Severity | Reward (USD) |
---|---|
Critical | $1,000 – $2,000 |
High | $800 |
Medium | $500 |
Low | $100 |