Responsible Disclosure Policy

At HackForge, we take security seriously. We appreciate the security community's efforts in helping us maintain a safe platform for all users.

Scope

The following are in scope for security testing:

  • Web Application Only: The HackForge web application and its functionality
  • Authentication and session management
  • Data exposure and access control issues
  • Application-level vulnerabilities (SQL injection, XSS, CSRF, etc.)
  • Business logic flaws
  • Client-side vulnerabilities affecting other users

⚠️ Important: Server infrastructure testing is NOT permitted. We may use shared hosting infrastructure, and testing server-level security could affect other services. Focus only on application-level vulnerabilities.

Out of Scope

  • Server/Infrastructure Testing: Port scanning, network mapping, server exploitation, OS-level vulnerabilities
  • CTF Challenge Environments: These are intentionally vulnerable for educational purposes
  • Social engineering attacks against staff or users
  • Denial of Service (DoS/DDoS) attacks
  • Physical security testing
  • Third-party services and APIs
  • Brute-force attacks on authentication (rate-limited intentionally)

Note: Any testing that could impact server availability or other hosted services is strictly prohibited.

Guidelines

  • Test the application only: do not probe server infrastructure, ports, or the hosting environment
  • Do not access or modify data belonging to other users
  • Do not perform actions that could harm the platform or its users
  • Do not publicly disclose vulnerabilities before they are fixed
  • Do provide detailed reproduction steps
  • Do allow reasonable time for us to address the issue (typically 90 days)
  • Do report vulnerabilities through our official contact form only

What We Promise

  • We will acknowledge receipt of your report within 48 hours
  • We will provide an initial assessment within 7 days
  • We will keep you informed about the remediation progress
  • We will credit researchers in our Hall of Fame (with permission)
  • We will not pursue legal action against researchers acting in good faith

Report a Vulnerability

If you've discovered a security vulnerability in HackForge, please report it through our secure contact form. Select "Bug Report" as the subject and include:

  • A clear description of the vulnerability
  • Steps to reproduce the issue
  • Potential impact assessment
  • Any proof-of-concept code (if applicable)
  • Your contact information for follow-up

Security Hall of Fame

We thank the following security researchers for their responsible disclosure:

Be the first to responsibly report a vulnerability!

Want to be listed here? Report a valid security vulnerability and we'll add your name with your permission.