
Woorank/responsible-disclosure


Responsible Disclosure Policy

WooRank is a super fast, super easy-to-use SEO audit and digital marketing tool (available in EN/FR/ES/DE/PT/NL).

We look at millions of websites through Google’s eyes and generate an instant audit of the site’s technical on-page and off-page SEO. Since we want to make the web a better place for everyone, we believe that protecting privacy and security should be a major concern for every individual or entity that is active on it.

Therefore we dogfood that idea by asking you to help us track down vulnerabilities. We think that the practice of 'responsible disclosure' is the best way to clean the Internet one step at a time. It allows researchers like you to notify us of any security threats before going public with the information. This gives us a chance to fix the issue before people with bad intentions become aware of it.

How to disclose a vulnerability

If you discover a vulnerability, we would like to know about it so we can take steps to address it as quickly as possible. We would like to ask you to help us better protect our clients and our systems.

Please do the following:

  • E-mail your findings to [email protected]. Encrypt your findings using our PGP key to prevent this critical information from falling into the wrong hands.
  • DO NOT take advantage of the vulnerability or problem you have discovered, for example by downloading more data than necessary to demonstrate the vulnerability or deleting or modifying other people's data.
  • DO NOT reveal the problem to others until it has been resolved.
  • DO NOT use attacks on physical security, social engineering, distributed denial of service, spam or applications of third parties.
  • DO NOT use automated scanning tools (e.g. Burp Suite, Nuclei, etc.) without our written consent.
  • DO NOT perform actions that could impact the proper functioning of our system, both in terms of availability and performance, but also in terms of confidentiality and integrity of the data.
  • Do provide sufficient information to reproduce the problem, including a clear attack scenario. A step-by-step guide in the PoC is highly appreciated, so we will be able to resolve it as quickly as possible.

What we promise

  • We will respond to your report within 10 business days with our evaluation of the report and an expected resolution date.
  • If you have followed the instructions above, we will not take any legal action against you in regard to the report.
  • We will handle your report with strict confidentiality, and not pass on your personal details to third parties without your permission.
  • We will keep you informed of the progress towards resolving the problem.
  • We may choose to ignore low-quality reports, reports of vulnerabilities that are Out of Scope, or reports that do not follow the guidelines listed above.
  • We ask you to not publish information about the vulnerability without our written consent.
  • To thank you for any report of a security problem that is not yet known to us, we offer the opportunity to be listed in our "Hall Of Fame".

This text is a derivative work of "Responsible Disclosure" by Floor Terra, used under a Creative Commons Attribution 3.0 License.
