Vulnerability Disclosure Program
Updated on June 1, 2023.
If you have found a vulnerability on one of SoContact’s products (i.e. dashboard, API, Chrome extension, etc.), we encourage you to submit your report to us as soon as possible and to not make the vulnerability public until it has been fixed and verified by SoContact.
SoContact will not file a lawsuit against you or report you to law enforcement assuming the vulnerability was reported responsibly and that it meets the following criteria present in this Agreement.
Bug Bounty Program
SoContact considers security as a crucial aspect of its operations, which is of utmost importance for its customers and products. To ensure maximum security, SoContact has implemented a range of security measures and is determined to safeguard application data, eliminate any potential vulnerabilities, and ensure uninterrupted business operations.
For questions concerning our security please contact email@example.com.
To report any security concerns or vulnerabilities related to SoContact’s products, please reach out to firstname.lastname@example.org. It is recommended to include a proof of concept, a list of tools used (including their versions), and the output of those tools. At SoContact, all disclosures regarding security are treated with utmost seriousness. Any vulnerability bounties (also known as bug bounties) are assessed on a case-by-case basis.
- Notify SoContact of the vulnerability and provide all of the details available to you.
- Please provide enough detail to be able to fully identify and reproduce the issue, which may include the product, version, URL, requests/responses, screenshots, etc.
- Provide SoContact with a reasonable time period to fix or address the issue before publicly disclosing.
- In your research, please avoid any possible service disruption, accessing private user data, or destroying user data.
- Do not submit reports from automated exploit scanning tools without first confirming the issue is in fact present.
- Do not contact SoContact employees or users for the purpose of phishing or social engineering.
Rules you will follow
- Never try to access another user’s account or data.
- Do not perform or try to perform any action/attack that could harm the integrity and reliability of our data and/or services.
- Spam/DDos attacks are not permitted. Do not perform actions that could have an impact on our other users while testing.
- A bug should never be disclosed publicly before it is known to be fixed.
- Vulnerability tests should only be tested on websites that you know for sure to be operated by SoContact.
- The use of Scrapers, Scanners and/or any other form of automated tools while testing is forbidden.
- Under no circumstances should you engage in non-technical attacks, such as phishing and/or physical attacks against our infrastructures, our user and/or our employees.
- In case of doubt, always contact us at email@example.com.
Rules we will follow
- Your submissions will get a quick response.
- You will always be updated on our progress in fixing a bug you submitted.
- No legal action will be taken against you if you follow our rules.
Actions that don’t qualify
- Bugs related to browser extensions and those that do not affect the latest version of modern browsers (such as Chrome, Firefox, Edge, Safari) are out of scope.
- Bugs that require highly improbable user interaction are out of scope.
- Bug submissions that do not include written steps to reproduce the issue or only provide video demonstrations are not acceptable.
- Insecure cookie settings for non-sensitive cookies.
- Disclosure of information that is already public or information that does not pose a significant risk.
- Bugs found in content or services that are not owned or operated by SoContact.
- Scripting or employing other forms of automation or brute-force tactics to exploit intended functionality.
- Tabnabbing and Clickjacking.
- Rate Limite.
- Cipher Suite (TLS protocol).
- In case of doubt, always contact us at firstname.lastname@example.org.
Categories to Look for Vulnerabilities
We are primarily interested in hearing about the following vulnerability categories:
- SQL Injection
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Authentication Bypass
- Insecure Direct Object References
- Remote Code Execution
- Sensitive Data Exposure
Vulnerability Categories that are Out of Scope
The following categories are considered out of scope and should not be explored during your vulnerability research:
- Denial of Service (DoS)
- SSL vulnerabilities (i.e. misconfiguration or version)
- Brute force attacks
- User enumeration
- Misconfigured flags on non-sensitive cookies
- Logout CSRF
- Issues only present in deprecated browsers or plugins
- Clickjacking on pages without authentication and/or sensitive state changes
- Vulnerabilities that require users to perform highly unlikely actions (i.e. disabling browser security features, sending an attacker critical info, etc.)
Rewards for Bug Bounty
- Critical Severity Vulnerability: $1200
- High Severity Vulnerability: $600
- Medium Severity Vulnerability: $300
- Low Severity Vulnerability: $150
A number of advantages far superior to other online prospect search tools!
Stop sending InMail to which few people respond. Get the contact details of the people you are really targeting.
350M+ professional profiles
Be more efficient thanks to an intelligent tool.
SoContact focuses on the security of your information, and that much better than elsewhere.
A base enriched daily
SoContact's artificial intelligence collects and verifies the contact details of your prospects in real time from the web to give you the most reliable information on the market.
220M+ business emails
80M+ numbers130M+ personal emails
No need to search for the contacts of the people you are interested in, they are available in a few clicks!
Friendly and easy to use interface
An intuitive interface makes adapting faster and seamless. The Chrome extension makes the lead generation process simple and efficient.
1000+ active sales teams
The SoContact tool is already appreciated by hundreds of sales teams all over the world.
SoContact user since December 2022
SoContact user since February 2023
SoContact user since January 2023
Here's why the SoContact experience is valued
According to customer feedback, SoContact has increased the conversion rate in their sales process by more than 50%.