Thandev LogoThandevBeta

Security Policy

Responsible disclosure and security practices

Security First

At Thandev, we take security seriously. As a security testing platform, we understand the importance of maintaining the highest security standards and practicing responsible disclosure.

Reporting Security Vulnerabilities

If you discover a security vulnerability in our platform, please report it responsibly. We appreciate your help in keeping our platform secure.

How to Report

  • Email: security@thandev.com
  • Response Time: We will respond within 48 hours
  • Confidentiality: Your report will be kept confidential
  • Recognition: We maintain a security acknowledgments page

Important: Do Not

  • • Report vulnerabilities through public channels
  • • Access or modify data that doesn't belong to you
  • • Disrupt our services or other users' data
  • • Use automated tools that may cause system instability

What We're Looking For

In Scope

  • • Cross-site scripting (XSS)
  • • SQL injection
  • • Cross-site request forgery (CSRF)
  • • Authentication bypass
  • • Authorization flaws
  • • Information disclosure
  • • Server-side request forgery (SSRF)
  • • Remote code execution

Out of Scope

  • • Social engineering attacks
  • • Physical security issues
  • • Denial of service attacks
  • • Issues in third-party services
  • • Spam or social engineering
  • • Issues requiring physical access
  • • Vulnerabilities in dependencies

Our Security Process

1

Initial Response

We'll acknowledge your report within 48 hours

2

Investigation

We'll investigate and validate the vulnerability

3

Fix Development

We'll develop and test a fix for the vulnerability

4

Deployment

We'll deploy the fix and notify you of the resolution

Recognition

We maintain a security acknowledgments page to recognize security researchers who help us keep our platform secure. If you would like to be recognized, please let us know when you submit your report.

Hall of Fame

Security researchers who have helped us improve our platform will be listed on our acknowledgments page with their permission.

Contact Information

For security-related inquiries, please contact us at:

Email: security@thandev.com

PGP Key: Available upon request

Response Time: Within 48 hours

Legal

By participating in our security program, you agree to comply with all applicable laws and regulations. We reserve the right to modify this security policy at any time.