Vulnerability Reporting Policy

At Appzi, our commitment is to provide our customers with the highest level of security for our services. To support this goal, we actively encourage security researchers to report any vulnerabilities they may discover within our platform.

We value the contributions of security researchers who dedicate their time and expertise to help us improve our security posture. If you believe you have identified a vulnerability or other security issue in our platform, we invite you to reach out to us. We are committed to working collaboratively to resolve any reported issues.

Legal Perspective

  • Compliance: We ask that you always adhere to your local laws. We explicitly reject any form of criminal activity.
  • Third-Party Code: Our platform utilizes code from third-party sources. As such, we cannot grant permission to research any components of that code.
  • Cloud Services: Any attempts to hack or test the security of our cloud services are strictly prohibited.

Non-qualifying Vulnerabilities

The following vulnerabilities are considered non-qualifying and are prohibited from submission:

  • Discovering vulnerabilities in applications or systems that are not listed in the scope of this policy.
  • Conducting Denial of Service (DoS/DDoS) attacks.
  • Executing Brute Force attacks.
  • Engaging in Social Engineering attacks.

The following types of vulnerabilities will not be considered for further review if they do not demonstrate a sufficient security impact:

  • Missing HTTP security headers
  • Missing cookie flags on non-sensitive cookies
  • User enumeration on our public sites
  • Reports generated by automated scanning tools

Only vulnerabilities with demonstrable security impact will be reviewed.

Submission Format

When reporting a potential vulnerability, please include the following information to help us reproduce the issue:

  • A detailed description of the vulnerability.
  • The tools you used during your assessment.
  • The target system or application.
  • A clear outline of the processes followed and the results obtained.

We encourage you to attach any relevant artifacts that support your findings. While not required, if you have recommendations for remediation, we welcome your proposed solutions.

Disclosure

We kindly ask that you refrain from publicly disclosing any technical details regarding vulnerabilities you identify. This allows us the opportunity to address and fix the issue first. We aim to work collaboratively with you to establish a reasonable timeline for disclosure.

Contact

Before submitting a report, please review our Coordinated Disclosure Guidelines. You may send any vulnerability reports to: support@appzi.com.