Security

Responsible Disclosure

Report a vulnerability in ASecurity Global infrastructure

Found a vulnerability?

Report it to us directly — we respond within 24 hours.

Email: security@asecurity-global.com
Subject line: "Responsible Disclosure Report"

Our Commitment to You

We take the security of our own infrastructure seriously. If you discover a vulnerability in our website, APIs, or internal systems, we encourage you to report it to us responsibly. We commit to:

  • Acknowledge your report within 24 hours
  • Provide regular updates on remediation progress
  • Not pursue legal action against researchers who follow these guidelines
  • Credit you in our Hall of Fame (with your permission)
  • Work collaboratively and transparently with you throughout the process

Scope — In Scope

The following assets are in scope for responsible disclosure:

  • asecurity-global.com — Main website
  • vapt.asecurity-global.com — PtaaS Platform
  • Any subdomain or service operated by ASecurity Global

Scope — Out of Scope

The following are not in scope and should not be tested:

  • Third-party services we use (report directly to them)
  • Denial of service attacks or automated scanning at scale
  • Social engineering attacks against our staff
  • Physical security testing
  • Vulnerabilities requiring physical access to devices
  • Issues in end-of-life software we cannot control

Vulnerability Categories We Prioritise

  • 🔴 Critical: Remote code execution, authentication bypass, data exfiltration
  • 🟠 High: Privilege escalation, sensitive data exposure, SSRF
  • 🟡 Medium: XSS, CSRF, information disclosure, broken access control
  • 🟢 Low: Best practice violations, minor misconfigurations

What to Include in Your Report

To help us triage and reproduce your finding quickly, please include:

  • A clear description of the vulnerability and its impact
  • Step-by-step reproduction instructions
  • Screenshots, screen recordings, or PoC code (where applicable)
  • The URL, endpoint, or component affected
  • Your suggested CVSS score (optional but helpful)

Safe Harbour

We consider responsible security research conducted under these guidelines to be authorised. We will not initiate legal action against researchers who:

  • Report findings promptly and do not exploit vulnerabilities beyond PoC
  • Do not access, modify, or delete data belonging to our users
  • Do not disrupt our services or degrade user experience
  • Keep findings confidential until we have patched them
  • Follow these responsible disclosure guidelines in good faith

Hall of Fame

We maintain a Hall of Fame recognising researchers who have responsibly disclosed valid vulnerabilities. With your permission, we will credit you publicly. Contact us if you would like to be listed.

No Hall of Fame entries yet.

Be the first to responsibly disclose a vulnerability and earn your spot.