MobiKwik says that the program is aimed at strengthening its cybersecurity efforts and added that bug hunters will be rewarded in accordance to the security of the bugs highlighted
MobiKwik has announced its first bug bounty program. The company says that the program is aimed at strengthening its cybersecurity efforts in the field of digital payment. It also hopes to address security flaws like Cross-Site Scripting (XSS), SQL Injection, Misuse/Unauthorised use of MobiKwik’s APIs, improper TLS protection, and leaking of sensitive customer data. The company has also stated that bug hunters will be recognised for their efforts and will be rewarded in accordance to the severity of the bugs highlighted.
Read the complete press release below
MobiKwik, India’s largest independent mobile payments network, today announced its first bug bounty program aimed at further strengthening its cybersecurity efforts in the field of digital payments.
Having seen the gradual rise of security threats against tech platforms in the last year, MobiKwik's full-fledged bounty program seeks to find gaps in the system and patch it immediately. Bug hunters will not only be recognized for their efforts but also rewarded in accordance to their severity of the bugs highlighted.
With over 25 million users and 50,000 retail partners on board including the likes of Big Bazaar, Uber, and IRCTC; MobiKwik aims to further strengthen its hold over the digital payments ecosystem in India by making its platforms more robust.
Speaking about the bug bounty program, Bipin Preet Singh-CEO had this to say "MobiKwik provides a secure, seamless, and rewarding payment experience. With the introduction of the bug bounty program we are now taking a crucial step forward in further strengthening the security of our wallet. We encourage security researchers and bug hunters to reach out to us and make a responsible disclosure when they detect any vulnerabilities."
The bug bounty programs seeks to address crucial security flaws like Cross-Site Scripting (XSS), SQL Injection, Misuse/Unauthorized use of MobiKwik's APIs, Improper TLS protection and Leaking of sensitive customer data (especially anything in the scope of PCI). Security researchers can report vulnerabilities to firstname.lastname@example.org. With the discovery of the bugs MobiKwik's security team will analyze the flaw and issue a patch for the same in the least possible time. Depending on eligibility bug hunters stand to earn cash rewards from MobiKwik.
For more information please log onto: https://www.mobikwik.com/bug-bounty