Bug bounty programs of Indian websites & others open for Indians

Paytm started off as a site that offers online recharges for mobile phones but now provides a online bill payment service for public utility services as well as online shopping. As per this Quora thread there aren't any bug bounty programs in India but Paytm appears to be among the first to offer an incentive for researchers to report bugs on their site.

* Paytm expects researchers to find bugs only within the scope below:
- Remote code execution
- Cross Site Forgery Protection
- Cross Site Scripting
- Cross-Site Script Inclusion
- Flaws in Authentication/Authorizations
- Denial of Service

..and highlights the things it does not want to receive:
- Personally identifiable information (PII)
- Credit card holder data

* OYO lists areas in scope for a bug bounty

Mobikwik has a bug bounty program for all their Web and Mobile application platforms. The minimum bounty they offer is ₹1000

With the growing popularity of e-commerce and Internet in general, other companies may also start offering bug bounties.

Other popular sites offering bug bounties that are open to Indians -

Facebook - India, which has over 142 million Facebook users, also holds top rank among 127 countries in terms of researchers contributing to its bug bounty program. India, which has over 142 million Facebook users, is also home to the largest population of security researchers (205) participating in the Facebook bug bounty program, since its inception in 2011

* The Internet Bug Bounty rewards friendly hackers who uncover security vulnerabilities in some of the most important software that supports the internet stack. The program is sponsored by Facebook Inc and Microsoft Corp with assistance from a Google Inc security expert, who helped develop the program and will sit on the panel that will evaluate submissions.

* Apple offers $25,000 for ways around Apple’s digital compartments and into its customers’ data, $50,000 for bugs that give hackers a way into iCloud data, and $200,000 to turn over critical vulnerabilities in Apple’s firmware — the software that lies closest to the bare metal of the machine.

If you know of any other Indian websites that offer a bug bounty, please leave a comment.

Also see: List of bug bounty and disclosure programs from across the web curated by Bugcrowd researcher community

Last updated: 27-Sep-16

Comments