Jun 16

Adding a new type of bugs ~ Security

As some of you noticed when you first joined test.io, we, testers, are obliged to test the application as a normal user & any kind of exploiting is not allowed (& considered as Forced Bugs and/or Edge case).

Same as Functional, Content, Visual & Usability. The new type will be called "Security". The customer would be able to select this type to be tested like any other type, which means making it in scope.

What's this new type about? --> In general, it'll be "exploit-related" testing, such as:

- XSS.
- MySQL Injections.
- Server's response to unexpected actions.
- & others.

Which means third-party programs may be used while testing.

Note: Denial-of-Service attacks should not be authorized.

The customer will be able to decide, same as the other types, what is not to be tested. The customer will be able to select a set of vulnerabilities/techniques to be considered out of scope in the description/overview.

Payout range? The "Security" type may itself be divided into 2 levels (High - Critical). I would suggest that the payout should be in the range of a Functional-Critical bug & higher.
Closed