Bonusway is a Helsinki-based growth company established in 2011. Bonusway offers cash rewards and online shopping inspiration for consumers.
Bonusway operates in 14 countries and is the market leader in Northern and Eastern Europe with 3.8 M users and 3 500 e-commerce partners worldwide.
Key Points of the Program
The specific targets in scope of the program are listed in the reporting portal. Please login: https://porkkana.hackr.fi.
We implement bug bounties using reponsible disclosure, which means you need to follow some rules. Please read the rules before taking part in the program. Here are some key rules:
- Please understand that it may take a while before we can implement a fix to the issue, thus it may take a while before we let you publish your findings. It also may be that some vulnerability reports will not receive permission to be published at all.
- When you submit a vulnerability report, include all information and details necessary to duplicate and verify the issue. If we can't duplicate the issue, we can not reward you with a bug bounty.
- Please act in good faith and do not endanger the availability of the service.
- Please follow the law while researching.
The rules list the do's and don't do's of the program.
Note especially these rules:
- Please follow the law.
- Code injections to the backend systems (for example SQL-injection) where the data in the backend is changed or deleted, or read in unnecessary quantities.
Code injections themselves are allowed, the limitation is the to the functionality and scope of the research and Proof of Concept code.
- Do not use heavy volume automated scanners, such as Nessus.
- Social engineering methods are not in the scope of this program.
- Denial of Service attacks are not allowed.
- Actions and methods that cause, or will probably cause, disruption to the business.
- Any actions that threaten the security of an individual persons.
The security and threat landscape is changing almost every day. Bonusway and Hackrfi Oy thank you for you work. We love working with you to make everybody more secure. We respect the time you have invested in this program, but also wish that you respect our service, response and fix times. Thank you!
Report a bug