Bug Bounties

EPAM Bounty

Powered by: 

Allows bounty splitting: 

Average time to first program response: 5

Average time to bounty awarded null: 2

Average time to report resolved: 319

Handle epam-bbp

Managed program: true

Name: EPAM Bounty

Offers bounties: true

Offers swag: false

Response efficiency percentage: 100

Submission state: open

Url: https://hackerone.com/epam-bbp

Website: http://epam.com

In scope:

  • Asset identifier: *.emakina.ch
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.emakina.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.emakina.fr
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.emakina.group
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.emakina.us
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.epam.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.lab.epam.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: *.lab.epam.com is a development staging environment, and please consider that fake PII data can be used there. We will accept the following vulnerabilities as valid submissions for *.lab.epam.com: * SQL/NoSQL injection * RCE * SSRF * XXE Injections * Path traversal * Stored-cross site scripting * PII leakage issues * Security misconfigurations with demonstrated security impact * Any other vulnerabilities that will give the possibility threat actor to read files from the server/execute commands/retrieve sensitive information
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.opensource.epam.com
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: *.projects.epam.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: 1135407607
  • Asset type: APPLE_STORE_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Disclosure of the credentials or confidential information
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: 
  • Eligible for submissions: true
  • Instruction: Leaks of credentials and confidential information from malware logs/dumps/intelligence services/public sources would be accepted as valid issues but won't be rewarded with a bounty.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: Subdomain takeover
  • Asset type: OTHER
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: Subdomain takeover will be awarded a 150$ bounty. Subdomain takeover will be rewarded for ONLY "In scope" targets. All others will be accepted as valid findings but won't be rewarded.
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: access.epam.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: anywhere.epam.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: cloud.epam.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: com.epam.connect.android
  • Asset type: GOOGLE_PLAY_APP_ID
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: examinator.epam.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical



  • Asset identifier: training.epam.com
  • Asset type: URL
  • Availability requirement: 
  • Confidentiality requirement: 
  • Eligible for bounty: true
  • Eligible for submissions: true
  • Instruction: 
  • Integrity requirements: 
  • Max severity: critical