At Naukri, we take security issues seriously. If you believe you’ve detected a vulnerability within our
products we’d like to hear about it. We’ll investigate all reports and do our best to fix these issues as soon as possible.

Exceptions & Rules

Any activity that would disrupt, damage or adversely affect any third-party data or account is not allowed.
Please do not mass create accounts to perform testing. Also do not perform brute force testing to determine
whether rate limiting is in place for particular APIs or pieces of functionality.

The following are strictly prohibited:

• Denial of Service attacks.

• Physical attacks against offices and data centers.

• Social engineering of our service desk, employees or contractors.

• Compromise of a legitimate clients or employees account.

• Automated tools or scans, botnet, compromised site, end-clients or any other means of large automated
  exploitation or use of a tool that generates a significant volume of traffic.

In Scope Vulnerabilities

• Remote Code Execution

• Remote Shell/Command Execution

• Vertical Authentication bypass

• SQL Injection that leaks PII data

Out of Scope/Non-qualifying vulnerabilities

• Outdated WordPress Plugins

• Cross site request forgery (CSRF)

• Cross domain leakage

• Information disclosure

• Software version disclosure

• Vulnerabilities which are already publicly known or variations of such

• HttpOnly and Secure cookie flags

• SSL/TLS scan reports (this means output from sites such as SSL Labs)

• Password and account recovery policies

• Session timeout

• Session Hijacking (cookie reuse)

• Missing X-Frame or X-Content headers

• Account enumeration

• Click-jacking

• Rate-limiting

• XSS attacks via POST or headers

• Self-exploitation (i.e. password reset links or cookie reuse)

• Use of a known-vulnerable library (without proof of exploitability)

• Vulnerabilities as reported by automated tools without additional analysis as to how they’re an issue

• Directory listing

• Open redirects

• Content Spoofing

• Unrestricted file upload

Rewards

We are happy to thank every individual researcher who submits a vulnerability report
helping us improve our overall security posture at Naukri.