Responsible Disclosure Policy

We value the security research community and welcome responsible disclosure of any vulnerabilities that may be found in our systems.

Our Commitment to Security

As a security consultancy, we understand the critical importance of maintaining secure systems. We appreciate the efforts of security researchers who help us identify and address vulnerabilities.

We commit to working with researchers in good faith, responding promptly to reports, and providing recognition for valid findings when desired.

Our goal is to create a collaborative relationship with the security community that benefits everyone and helps keep the internet safer.

Safe Harbor

We will not take legal action against security researchers who:

  • Act in good faith and within this policy
  • Report findings responsibly without public disclosure
  • Do not exploit vulnerabilities beyond proof of concept
  • Do not access, modify, or delete others' data

Testing Scope

In Scope

  • penetrationtesting.online and all subdomains
  • Our public-facing web applications
  • API endpoints
  • Authentication and authorization systems

Out of Scope

  • Physical security testing
  • Social engineering attacks against our staff
  • Denial of service (DoS/DDoS) attacks
  • Automated vulnerability scanning that generates excessive traffic
  • Third-party services and applications
  • Testing that violates any laws or regulations

How to Report a Vulnerability

Security Email

security@penetrationtesting-services.com

For encrypted communication, request our PGP public key.

What to Include in Your Report

  • Provide a clear description of the vulnerability
  • Include step-by-step reproduction instructions
  • Describe the potential impact
  • Include proof-of-concept (screenshots, videos, code)
  • Specify the affected systems or endpoints
  • Avoid accessing or modifying data belonging to others

Our Response Process

  1. Acknowledgment: within 48-72 hours
  2. Initial Assessment: within 7 days
  3. Resolution Timeline: communicated after assessment
  4. Fix Verification: researcher notified before public disclosure

Researcher Recognition

We believe in acknowledging the valuable contributions of security researchers. With your permission, we will include your name in our Hall of Fame for valid vulnerability reports.

Hall of Fame

We thank all security researchers who have helped improve our security. Contributors will be listed here upon request.

Questions About This Policy?

If you have questions about our responsible disclosure policy or need clarification on scope, please reach out.
