security.ac.nz Register

Secure your Cyber, 24 & 25 Aug 2019

security.ac.nz Bug Bounty

Partiticpation

To participate in this bug bounty, you must be a student enrolled in the School of Engineering and Computer Science at Victoria University of Wellington. This is due to having agreed to the acceptable use policy of the School computer system. The bug bounty program will only be open during the security.ac.nz event, and after the conclusion of the event students should not be attempting to do any unauthorised security testing. By participating in this event, you are agreeing to the scope and ethics requirements set below.

Ethics

Bug bounties are a tool that can be used by organisations to determine security issues present if any. Usually, unauthorised security testing is illegal under New Zealand law, but the university is generously allowing students to perform testing under controlled situations as part of the security.ac.nz event. Students must agree that any security issue found is to be reported, and best effort is taken to not abuse the computer systems without authorisation.

Scope

The scope for this bug bounty is anything running on the ECS network, defined by being part of the following IP ranges:

Take care to not perform any tests against systems not in the above scope.

The following issues are outside the scope of our vulnerability rewards program (either ineligible or false positives):

Reporting

Take good care in writing up your finding. If you are unsure whether you have found an issue, don’t hesistate to ask us. A well written report is an excellent way to get across the details of the issue you have found. Examples of what your report should include:

You can make a report at https://forms.gle/qZLz4QNzKc3ybv8L6

Prizes

There are some prizes available to award to some participants of the bug bounty. These may be for a really good writeup, a good finding, or some other critiria.