Serpstat White Hat Bounty Program
Thank you for paying attention to our service.

We value and reward security experts who report vulnerabilities in our services, thereby helping us ensure the security of our users.

If you think that you have discovered a vulnerability in our service, please immediately inform us of this. We will review all reports and do our best to quickly fix the issue. Before reporting an issue, review the content of this document, including explanations of the responsible disclosure policy, reward policy, and scope of the program.

Responsible Disclosure Policy
If the issue you reported to Serpstat complies with the rules below, we will not initiate any legal action against you and will not involve law enforcement agencies to investigate. We ask that you do the following:
You give us enough time to analyze and resolve the issue you reported before publishing your report or sharing this information with others. Do not interact with any individual accounts (including modifying or accessing the account data) without the consent of their owners.
You make an effort in good faith to avoid privacy violations and disruptions to others, including (but not limited to) unauthorized access to or destruction of data and interruption or degradation of our services.
You must not intentionally violate any applicable laws or regulations, including (but not limited to) laws and regulations prohibiting the unauthorized access to data.
You do not exploit a security issue you discover for any reason other than for testing purposes, and you do not conduct testing outside of your account, a test account, or another account for which you have the explicit written consent of the account owner to test. (This includes demonstrating additional risks, such as the risk that the security issue could be used to compromise sensitive company data or another user's account.)
You are not authorized to access user or company data including (but not limited to) personal data.

Vulnerability Reward Program Terms
Monetary bounties for vulnerability reports remain at the discretion of Serpstat and depend on the risks and impact of the issue on the operation of services and other factors.

To be able to receive a reward, it is necessary to fulfil the following requirements:

  1. Adhere to a responsible disclosure policy (see above).

  2. Report a security bug: that is, identify a vulnerability in our services or infrastructure which creates a security or privacy risk.

  3. Remember that the degree of risk is determined by Serpstat and many software issues do not create security vulnerabilities.

Vulnerability Reports And Their Contents
Your report should contain:
A detailed description of the vulnerability.
Conditions and an example of reproduction and/or operation in the most accessible way, including screenshots if necessary.
List of tools used (e.g. security scanner, version, browser).
We have deliberately excluded some types of potential security issues. See the "Program Scope" section below.

If, while investigating the vulnerability, you inadvertently violated the confidentiality or disrupted the work of other people (for example, you gained access to account data, service configurations or other confidential information), you must indicate this in your report.

When researching vulnerabilities, use test accounts. If you cannot reproduce the issue using a test account, use a real one (but not for automated testing). Do not interact with other accounts without the consent of their owners.

Please send your report to support@serpstat.com

In turn, when evaluating your reports, we will adhere to the following rules:
We investigate and respond to all valid reports.
We receive a lot of reports; therefore, we first study those that are most important in terms of risk and other factors. As a result, we may need some time to respond.
If several reports are received on the same issue, the reward goes to the person who reported it first. (Serpstat's specialists determine whether the reports are duplicated and do not inform the people who sent them about other reports.)
We reserve the right to publish reports (and the updates accompanying them).

Reward Amount
The amount of the reward depends on several factors, including (but not limited to) the impact on the operation of the service, how easily the issue can be exploited, and the quality of the report.

The maximum reward amount is $100 or a paid subscription to Serpstat services for an equivalent amount.

For the identification of issues with a very low level of risk, a reward may not be provided at all. One reward is paid only to one person.

We verify that all bounty rewards are permitted by applicable laws, including (but not limited to) US trade sanctions and economic restrictions.


Program Scope
It is forbidden to manipulate any request sent to the site from your device, or to otherwise interfere with the normal operation of the site, in connection with the submission of your report.

(For example, SQLi, XSS, open transitions and permission bypass vulnerabilities (such as IDOR) are completely excluded from the program.) Also, you are not allowed to access data or use any access token of any Serpstat account, except your own.


Out of scope and False Positives
Spam and social engineering techniques.
Denial of service attacks.
The program does not apply to security vulnerabilities in third-party applications and services integrated with Serpstat.
Erroneous result.