Microsoft today launched the Microsoft Online Services Bug Bounty Program, offering security researchers rewards for submitted vulnerabilities. The program encompasses the various Online Services provided by Microsoft, and bounties for qualified submissions start at a minimum payment of $500, with more offered depending on the impact of the vulnerability.
Eligible submissions include vulnerabilities of the following types: Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), unauthorized cross-tenant data tampering or access (for multi-tenant services), insecure direct object references, injection flaws, authentication flaws, server-side code execution, privilege escalation, and significant security misconfiguration. That being said, as with any such program, bounties are only paid out at the discretion of the company.
Any of the following domains are available for hacking as part of the program:
- portal.office.com
- *.outlook.com (Office 365 for business email services applications, excluding any consumer “outlook.com” services)
- outlook.office365.com
- login.microsoftonline.com
- *.sharepoint.com
- *.lync.com
- *.officeapps.live.com
- www.yammer.com
- api.yammer.com
- adminwebservice.microsoftonline.com
- provisioningapi.microsoftonline.com
- graph.windows.net
Microsoft says it plans to bring more from its online services groups into the program. The goal is the same as with any bug bounty program: uncover unknown issues to protect customers as quickly as possible.
More to follow.
from The Next Web http://feedproxy.google.com/~r/TheNextWeb/~3/hU9FxsZAI28/