Am I breaking the law by crawling a site that is participating in a bug bounty?

C

Chvalov2016-04-19 16:41:03

Burglary protection

Chvalov, 2016-04-19 16:41:03

Am I breaking the law by scanning sites for vulnerabilities that participate in bug bounty programs?
And am I violating if I crawl sites that are no longer participating or did not participate in the bug bounty?

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

D

Dmitry K, 2016-04-27
@gospodinmir

As a rule, web applications participating in BB programs do not accept reports from automatic security analysis tools, but you can use them to search for and then interpret the results.
As for scanning resources that have not declared their participation in BB programs anywhere, well, everything is quite simple here - I like this analogy
: master keys - they don’t want to rob anyone, they just check the locks for reliability! :)

E

Eugene Burmakin, 2016-04-19
@Freika

As a rule, bug bounty participants clearly state in their rules whether automatic tools can be used to identify vulnerabilities.

F

Fixid, 2016-04-19
@Fixid

In many bug bounties, the addresses and ranges available for searching for vulnerabilities are clearly defined, everything else is at your own peril and risk.