Jump to content
Tuts 4 You
Sign in to follow this  

.NET Core and ASP.NET Core bug bounty

Recommended Posts


Who's up for some white-hat research? :)


Qualified submissions are eligible for payment from a minimum of $500 USD to $15,000 USD, and bounties will be paid out at Microsoft’s discretion based on the quality and complexity of the vulnerability. Microsoft may pay more than $15,000 USD, depending on the entry quality and complexity.


Vulnerability submissions (“submissions”) provided to Microsoft must meet the following criteria to be eligible for payment:

  • Identify an original and previously unreported vulnerability in the latest RC or RTM version* of Microsoft .NET Core, ASP.NET Core and the default ASP.NET Core templates provided with the ASP.NET Web Tools Extension for Visual Studio 2015.
    Examples may include bypasses of CSRF protection, Encoding, Data Protection failures, Information disclosures to a client, Authentication bypasses and Remote Code Execution.
    *your vulnerability must reproduce on the latest RC or RTM version to be eligible
  • Include concise reproducibility steps that are easily understood. (This allows submissions to be processed as quickly as possible and supports the highest payment for the type of vulnerability being reported.)

Official announcement: https://blogs.technet.microsoft.com/msrc/2016/06/07/microsoft-bounty-program-expansion-net-core-and-asp-net-rc2-beta-bounty/
Full terms: https://technet.microsoft.com/en-us/security/mt574248


@moderators: please feel free to move to more appropriate section.

  • Like 2

Share this post

Link to post

Good Luck :)

Share this post

Link to post

@kao FYI : 



  • Like 1

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
  • Create New...