At WebinarGeek, we recognize the critical role security plays in providing quality services to our global user base. Despite our continuous efforts to safeguard our systems, which you can find outlined here, vulnerabilities can emerge. We believe in working collaboratively with the security research community to identify and resolve issues quickly and efficiently. We encourage researchers and ethical hackers to engage with us responsibly to improve our digital environment.
Guidelines for Reporting Vulnerabilities
We invite security researchers and enthusiasts to report potential vulnerabilities identified in our systems with the understanding and agreement to the following guidelines:
Contact: Direct your findings to security@webinargeek.com. Please provide detailed information, including steps to reproduce the vulnerability, so our security team can validate and address the issue promptly. We are confident that regular mail encryption is sufficient enough to provide the confidentiality needed to report a vulnerability. However, if you feel that your vulnerability report requires the use of PGP encryption, you can find our public key at the bottom of this page.
Acknowledgment: We commit to acknowledging receipt of your report within two working days.
Investigation & Resolution: Our dedicated team will investigate reported vulnerabilities and aim to resolve them within one week of acknowledgment. The complexity and severity of the issue may affect resolution times.
Confidentiality: We ask that you maintain the confidentiality of any vulnerabilities discovered until we have resolved them. We will coordinate with you on the public disclosure of any findings.
Rewards & Acknowledgment: While not all reports may qualify for a reward, we assess submissions on a case-by-case basis for potential acknowledgment or reward. The nature of the reward will depend on the severity and impact of the discovered vulnerability.
Legal Protection: We promise not to initiate legal action against individuals who report vulnerabilities following these guidelines, provided that they have not engaged in unlawful activities or misuse of the discovered vulnerability.
What We Do Not Accept
Attempts to access, download, or modify data belonging to others.
Denial of service (DoS) attacks.
Spamming.
Social engineering or physical attacks against our property or data.
Rewards Program
Rewards are determined based on the risk level of the reported security vulnerability and are at the discretion of WebinarGeek.
In the event of duplicate reports, the reward will be issued to the first reporter.
Rewards are subject to change and may vary according to the uniqueness and severity of the vulnerability.
Out of Scope
Reports of non-security issues or inquiries.
Third-party services and software not directly managed by WebinarGeek.
Publicly known vulnerabilities that have already been addressed.
Vulnerabilities which are:
HTTP 404 codes or other non HTTP 200 codes
Version banners on public services
Clickjacking on pages without a login
Cross-site request forgery (CSRF) on forms that can be accessed anonymously
Lack of 'secure' / 'HTTP Only' flags on non-sensitive cookies
Notifications related to SSL certificate (e.g. weak cipher)
Using the HTTP OPTIONS Method
Host Header Injection
Lack of SPF, DKIM and DMARC records
Lack of DNSSEC
The lack of HTTP Security Headers
Reporting outdated versions of software without a proof of concept or working exploit
Best practices
Closing Statement
Your contributions are invaluable to the security and integrity of our services. WebinarGeek is committed to working openly with the security community to mitigate and resolve vulnerabilities responsibly. We look forward to your submissions and thank you for your efforts to help us keep our systems secure.
For any further questions or submissions, please reach out to security@webinargeek.com.
Public PGP key
-----BEGIN PGP PUBLIC KEY BLOCK----- Version: Mailvelope v5.1.2 Comment: https://mailvelope.com xsFNBGYiNvsBEACstiq6CSr87xh1aFp3xmnbv2/KOtKL8rQs9SUA8OgYIrmD zdMbdMzCY+OEcXlOi8huygkqDXX5s4VPUspjYFuPWp1U8WkGOzl68E6t2Tbi Rz464iRWVUkj/4rUxVOW22+XKiewHLmWgpbXwuxc4OSfUZpihvB135LmXJS6 yFTfv0M8s9hCYDsJ6wNa/V53UiLsXqUe/1rRFx1sLOYwjXaGZBpJyhKUpez5 Zq2a2qMKtBgFVfZ6Wv3Qzswc1Bpb/e14G2kFPwPQVdf38tmXXmcnZe31l9oG dP4EVLa29iPhaGL9Z4CBbWsyxJN8SAWIiFXKQhKxdw1GizqEPAbKHgezGPB9 CYI1NzrZtKS7weIIjC46hwGjSpp81xxhH8c+V8L7ZDGJ/wH709g60Qvs+Wo3 0gTfNtjwS2dhf+KMk+ZvdFP1p80xUm9Yx6OkrPs4KwPwBZ5YFgDsyarIau2H rDl6AU370OxVUCsvf0o+QAe4mpxosCfbBkaX/B5Glsr/8ZjPOPiZa1vxkFP/ AmygdbzuZBhCWhvp+w4Re01J1wH8RJHN7s7t4IoXLGb/mQZiOpd86mqJEiMy 2zjVB2B0mOQ29dE37XDE8B15QxTbAYkaXTEqi2c9vty5h+qYdOtw8aBBcX3c srkv9nVqSVsR2z9fNG/Q8GJPoJR+T5V9rXLtPQARAQABzS9XZWJpbmFyR2Vl ayBTZWN1cml0eSA8c2VjdXJpdHlAd2ViaW5hcmdlZWsuY29tPsLBigQQAQgA PgWCZiI2+wQLCQcICZAkstxUEqspXwMVCAoEFgACAQIZAQKbAwIeARYhBJVy WxNjs/qPf/cTtCSy3FQSqylfAABNrg//c/Q3RUtLJ8AflLl2Cack9MiL6zqJ 5Ynid83JuKor9/m2j/CXLeu05WYmMETUIIWRukgrKixjK/4GsnNuAdsuLdkB wJoi7laubateNSNOHP/UCCq0SS9h+S5RMhXRJu4hwJPfGpdFbnpTtEUf+w2p y1KgZkGJwGHgKXK+yecymudV+gWuuifZDhvPc7/UuIGXXXQSUcIH8Q3i4jWK xdFWlCv8Vbgg8fmAJVxYovBt9UAdv4x2gD325/unaK1yV8AEcKdX0jrKrzCV hNUPj4GlAiLzITQznfbRo9j6/iN579QCTqvuoM0x3y8hKDWzghQlXZrWw+PZ 5VkUC0eOOLipqswKuVRrpbUGmnz3Nx+d0hvUySeWxbol119seE3SG+GEvhA5 wjsWA4RaFF1rOv9OiBnIbrSjacBzsRjTixhwNZdbyFqVb55Ou5Sh6sHvJkam jPYVDTWA7lFANDJZkzNOeI0TvwyZLt6rSsv/YLxMLkcjwNSDKxhnRjnH05d3 JO5SEtT2+bLWMcCM4ENQGBcxG6NxMNN3dm9UFAMX+6Ig+Twi23+WnW0XIcRY MCIxkVe1KstDyD8OeshVtslbH3DS5ex13eRQdNuRDeuiqN1KANQKymHTNFWA KtH/oD8euhGHDxa4z9ASNAVHZVsSJZQrj9s5xpypzOgSoR0h8t2jvCXOwU0E ZiI2+wEQAMbSZcIFssfG0UIxegqAW8EFevvAhW1j+o8bWHn84lxSj7Ps5AZ1 a4jbcUFXR17UmRU7QlDPOQQ8+3dXoRavRWIoRpIN97H6Wj/BYkfQOqt3+znP 2RoggCpfaxee/XIPL7pI1M0p0lOxeTFxRBAaImOBzu4LMcGdI+z6n1bB2K5g qWsEOlR3PzsSwLdWukwPON5f5gvxcO8NK9ayUZwOqghuqZUMNVF29Bvy3qwm M+z7WrlwWCXPvdHlz2an+2HEMyoLSKI9Vkim7VM/LcddHVVM6iVAx7vJg4Aa wYjyJ79mXuEnVtj4q6FKXYl1xFJl9Q7YMqw4yrUz7dCg5FsgdXZhmPuvZKcM ZquruegkH/tlnmxcSdA+XpA//qbibbNTHDhxYgjoKHtWZ8ZJUE6fHjRXRKJC TTAe8tnmYjEePjRSR3BZ0e6/jLeA/8lvFv5zPjruDlRfRmiw+xOPBOu7gD+b Lpwa4F3mAVXwAM8yUP/ebt3MoAS39pWExAhxvQO1P9L5olTxZfHiFdN9lJZX 73bgRnf7BRzzZxtirGFQY9hs1Wsx37M30xM9RDibh49/Zn7r4U89LuwGiXx+ KVp4TO5uMI6wK2aTHyJwFyDIxQVYCFU0Bv8+YuF+JQTcBIwc6/HeTjhaV3VM KbBs198cldpmOjf4JRY3v731ngWgZKKnABEBAAHCwXYEGAEIACoFgmYiNvsJ kCSy3FQSqylfApsMFiEElXJbE2Oz+o9/9xO0JLLcVBKrKV8AAAU7D/4wENpv iFLuMYtlMTNakZEYje7Ezth/c1XjK0juryFxv+mRKlzcvqiQwR24b/xWXg6v qwKhyW8WgFEYnadZXCWd4XuIb6dWjtFKzHPdhr4revzJXRPliHM9r+Ywr78N nJ2MvkO9BjLfa2CfkuCaVR2q55rm5AUj8wZcCdLTOnAGbq/l1qwM4sQdU8rf JdSiKT8eDQk3GVDCRb9rnWv66VxTVqz2v9Wa1RT7DxZH89+X8cgYwOcX5hK6 Rs7WPMoxM7oXsGgUMe5zp+QmqeAVNtazAT/VkFDe43HZFVhuMWzJb/43mzDp MjH3E6xTCQq5iD494H5TtaC3P4OcOoSofiBZzKhHZZGPLzXAWkn17mC1Ls2T PeyNcjSXTFzpdanCfCcUEI5U2aiz0ncVRK9b43LCWO6dEl3TE7EedpHnOasl mUKT0Um7zrjCZEX7kYUmoUxP07VTjZEXINpc5PtmUkeYMvwZDa1TPfmOdVTs 6QTmyILhuGwGmkIwU0nookkp3Zmwbv+0PFVLsB5ZsFVtVEucweHgtz9WIo4A 6toKPmtcDwkrcJ8b3kCuq+bjdqPxmoGI8j8esN+Mlz45rFyBm7RHYZcTDgjn p/dOZB9C0sFDpfq39Vdqz+J1Ur3s4kBrsAL2OaPcU4Sn6WTfkzkOM5qGgDea bv7XodZw39niyfbpIw== =47Xu -----END PGP PUBLIC KEY BLOCK-----