Filter & Validation
Now of course you will ask: is Gerobug secure? Well, the obvious answer is that nothing is 100% secure, lol. But we are confident that Gerobug is 99% secure.
We have implemented filtering and validation by default to prevent security issues within Gerobug.
Accepted Email Format
Gerobug will only accept specific email formats; reports in any other format will be ignored. The bug hunter will also receive a notification if the email they sent is invalid.
You can see the accepted email formats at http://[Your gerobug domain]/submit. They are:
Submit Report
Subject: SUBMIT_Report Title
Body:
TYPE= Bug Type
ENDPOINT= Affected Endpoint
SUMMARY= Summary
Attachment: *PDF Report File* (Report Template)
Title -> Max 150 Characters
Bug Type -> Max 100 Characters
Endpoint -> Max 150 Characters
Check Report Status
Subject: CHECK_Report ID
Check Report Status Overview
Subject: STATUS_OVERVIEW
Update Report (Request Amend)
Subject: UPDATE_Report ID
Body: Summary
Attachment: *PDF Report File*
Submit an Appeal
Subject: APPEAL_Report ID
Body: Reasons
Submit an Agree
Subject: AGREE_Report ID
Submit NDA
Subject: NDA_Report ID
Body: Requested Information
Attachment: *PDF Signed NDA File*
Check Score
Subject: MY_SCORE
Validation
Gerobug validates files received from bug hunters; if the file is invalid (not a PDF), the report is ignored (not saved).

What if someone submits a malicious PDF? Since submissions come in through GMAIL / OUTLOOK, malicious files are usually filtered there first (risk transfer).
User Authorization
A bug hunter may only check, update, or otherwise act on their own bug reports, as identified by email address. For example, user1@email.com can't do anything to a report ID owned by user2@email.com (and vice versa).

A bug hunter also can't submit an update, appeal, agree, or NDA without a prior request from the company / organization.
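To make the accepted email formats, the PDF check, and the ownership rule above concrete, here is an added Python example of how such an inbound-mail triage could be written. It is not Gerobug's own code; the subject prefixes and length limits come from this page, while the regexes, the magic-byte PDF check, the `owners` lookup and the sample report are assumptions constructed for the example.

```python
import re

# Limits and subject prefixes are taken from the accepted-email-format list on this page.
LIMITS = {"title": 150, "type": 100, "endpoint": 150}
ID_COMMANDS = {"CHECK", "UPDATE", "APPEAL", "AGREE", "NDA"}   # Subject: <CMD>_<Report ID>
BARE_COMMANDS = {"STATUS_OVERVIEW", "MY_SCORE"}               # Subject is the whole command

def parse_subject(subject):
    """Return (command, argument), or None when the subject matches no accepted format."""
    subject = subject.strip()
    if subject in BARE_COMMANDS:
        return subject, None
    m = re.fullmatch(r"(SUBMIT|CHECK|UPDATE|APPEAL|AGREE|NDA)_(.+)", subject, re.S)
    if not m or not m.group(2).strip():
        return None
    cmd, arg = m.group(1), m.group(2).strip()
    if cmd == "SUBMIT" and len(arg) > LIMITS["title"]:
        return None                                # title over 150 characters: ignored
    return cmd, arg

def parse_submit_body(body):
    """Extract TYPE= / ENDPOINT= / SUMMARY=; None if a field is missing or over its limit."""
    m = re.fullmatch(r"\s*TYPE=(.*?)\s*ENDPOINT=(.*?)\s*SUMMARY=(.*)", body, re.S)
    if not m:
        return None
    f = {"type": m.group(1).strip(), "endpoint": m.group(2).strip(), "summary": m.group(3).strip()}
    if len(f["type"]) > LIMITS["type"] or len(f["endpoint"]) > LIMITS["endpoint"]:
        return None
    return f

def is_pdf(data):
    """Assumption: check the PDF magic header instead of trusting file name or MIME type."""
    return data[:5] == b"%PDF-"

def triage(sender, subject, body, attachment, owners):
    """Decide what to do with one inbound mail. `owners` maps report ID -> hunter address.
    Returns ("ignore", reason) or (command, argument)."""
    parsed = parse_subject(subject)
    if parsed is None:
        return "ignore", "unknown subject format"
    cmd, arg = parsed
    if cmd in ("SUBMIT", "UPDATE", "NDA") and not is_pdf(attachment or b""):
        return "ignore", "attachment is not a PDF"
    if cmd == "SUBMIT" and parse_submit_body(body) is None:
        return "ignore", "malformed submit body"
    # Authorization: a hunter may only act on report IDs registered to their own address.
    if cmd in ID_COMMANDS and owners.get(arg, "").lower() != sender.strip().lower():
        return "ignore", "sender does not own this report"
    return cmd, arg

# Constructed sample (not a real report): report R-1 belongs to user1@email.com.
OWNERS = {"R-1": "user1@email.com"}
```

Note that the ownership check also silently ignores commands for report IDs that do not exist, so a hunter cannot probe which IDs are valid.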
Email Blacklisting
As mentioned before, Gerobug is able to block and release emails with spam activity.
