RebelMouse’s Security Bug Bounty Program

At RebelMouse, the security and privacy of our clients is of the utmost importance. We work around the clock to maintain an infrastructure that's secure and shielded from any potential vulnerabilities.

To strengthen our commitment to security, RebelMouse offers a bug bounty program. If you believe you've found a security issue on our site, or any of the sites we power, we may compensate you for your discovery. We look at all submitted reports, and if we agree that it's a valid finding, we'll pay $250 for each one.

Here's more information about what qualifies as a security vulnerability and how to report a bug:


Qualifying Vulnerabilities

To classify vulnerabilities, we use the OWASP Top 10 as a guideline, which is published and maintained by The Open Web Application Security Project (OWASP). This includes:

  • Remote Code Execution (RCE)
  • SQL Injection
  • Local/Remote File Inclusion (LFI/RFI)
  • XML External Entity (XXE)
  • Broken Authentication (2FA Bypass, etc.)
  • Sensitive Data Exposure
  • Cross-Site Scripting (XSS)
  • Security Misconfiguration
  • Using Components With Known Vulnerabilities (With Examples)
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Request Forgery (CSRF)
  • Insecure Direct Object References (IDOR)
  • Flood-Control Bypass
  • Privacy Bypass
  • Other Injections

Non-Qualifying Vulnerabilities

  • Reports from security scanners and other automated systems
  • Vulnerability reports based solely on software/protocol versions without a valid proof of concept
  • Reports about missing protection mechanisms or mismatched recommendations (for example, the absence of a CSRF token) without referring to a concrete negative consequence
  • Logout CSRF
  • Self-XSS
  • Framing
  • Clickjacking
  • Reports about Open Redirect
  • IDN homograph attacks
  • Attacks that require complete access to a user's page or browser profile
  • Vulnerabilities within third-party services

Strictly Prohibited

  • DDoS attacks
  • Social engineering
  • Gaining physical access to the servers/infrastructure
  • Threats/Harm to company employees

Moreover, such actions will be prosecuted to the fullest extent of the law, without exception.

Report Recommendations

When writing your report, be sure to include the following to increase your chances of receiving a reward:

  • The domain containing the vulnerability
  • The type of vulnerability
  • Examples of exploiting it, captured by screenshots or screencasts
  • Methods of reproducing the vulnerability
  • What impact the vulnerability has
  • Recommendations for fixing the vulnerability

Rewards

  • The standard reward is $250 USD per bug/vulnerability
  • The reward will only be given to the first researcher that reports a previously unknown vulnerability
  • We consider the exploitation of discovered vulnerabilities to be extremely unethical, and we will not provide a reward in such cases

Domains That Are Out of Scope

  • *.rbl.ms (except static.rbl.ms and res.rbl.ms)
  • *.rebelmouse.com (except www.rebelmouse.com)

If you have a security bug to submit to our program, please email bugbounty@rebelmouse.com for a submission form. Once the issue is evaluated and deemed to be valid, we will contact you about your reward. Good luck hunting!
