Tester Guide
1toldyou edited this page May 16, 2022 · 16 revisions
Thank you for participating in our beta testing program.
Steps:
- Use our product(s)
- Found a bug, issue or vulnerability? Take screenshots while you reproduce it
- Create a GitHub Issue in the master repository using the template
- If you did hack our server or someone else's account, please report exactly what you did so we can restore the affected/junked data
- If you didn't find anything, you should still provide some evidence that you worked on this
Here are some tasks and examples of vulnerabilities to look at:
- The backend server's real IP address (but don't post it publicly if you find it)
- Unsanitized user input
- Remote code execution / file inclusion
- Viewing other users' non-public information
- Returning harmful data to the user (e.g. XSS, cookie stuffing)
- Overloading the server with only a few requests
- Or just reading our code to find some terrible designs and explaining why they're bad
The scope does not include the following:
- Not implemented features: if we have not yet announced a new feature, that means it is not finished and we are still improving it
- Social engineering: you should not look at our screen or password manager to steal the token!
- Brute force: you don't have a massive botnet or quantum computer to do this computation; actually, the 1C2G server would stop responding first anyway
- Excessive requests / stress tests: unfortunately some services we use are consumption-based, so we don't want to run out of credits in the free tier. IN EXTREME CONDITIONS WE MAY BAN YOUR IP
- Demo data: there are some accounts with publicized credentials for demonstration purposes