Jump to content
Tuts 4 You

.NET Core and ASP.NET Core bug bounty


Recommended Posts

Who's up for some white-hat research? :)


Qualified submissions are eligible for payment from a minimum of $500 USD to $15,000 USD, and bounties will be paid out at Microsoft’s discretion based on the quality and complexity of the vulnerability. Microsoft may pay more than $15,000 USD, depending on the entry quality and complexity.


Vulnerability submissions (“submissions”) provided to Microsoft must meet the following criteria to be eligible for payment:

  • Identify an original and previously unreported vulnerability in the latest RC or RTM version* of Microsoft .NET Core, ASP.NET Core and the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015.
    Examples may include bypasses of CSRF protection, Encoding, Data Protection failures, Information disclosures to a client, Authentication bypasses and Remote Code Execution.
    *your vulnerability must reproduce on the latest RC or RTM version to be eligible
  • Include concise reproducibility steps that are easily understood. (This allows submissions to be processed as quickly as possible and supports the highest payment for the type of vulnerability being reported.)

Official announcement: https://blogs.technet.microsoft.com/msrc/2016/06/07/microsoft-bounty-program-expansion-net-core-and-asp-net-rc2-beta-bounty/
Full terms: https://technet.microsoft.com/en-us/security/mt574248


@moderators: please feel free to move to more appropriate section.

  • Like 2
Link to comment
Share on other sites

  • 2 weeks later...

@kao FYI : 



  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...