SECURITY & DISCLOSURE

Responsible Disclosure Policy

Effective: February 2026 • Version 2.0

Our Commitment

Security is foundational to ZishanHack. We welcome responsible security research conducted in good faith and are committed to reviewing all legitimate vulnerability reports promptly.

Good Faith Testing • No Legal Action • Coordinated Disclosure

Scope

✓ In Scope

  • https://zishanhack.com
  • *.zishanhack.com
  • api.zishanhack.com

✗ Out of Scope

  • Denial of Service (DoS/DDoS) attacks
  • Social engineering or phishing
  • Third-party services & integrations
  • Physical security attacks
  • Automated scanning that impacts availability

Testing Rules

  • No data exfiltration or copying of sensitive information
  • No modification or deletion of user data
  • No persistence mechanisms, shells, or backdoors
  • Stop immediately upon accessing sensitive data
  • Do not impact availability or degrade performance

Safe Harbor Protection

If you comply with this policy and conduct testing in good faith within scope, we will not pursue legal action for your security research.

Report Vulnerability

Submit all vulnerability reports to:

Vulnerability type
Affected URL
Impact
Steps to reproduce
Proof of concept

Acknowledgement target: Within 5 business days

Compensation

ZishanHack does not operate a paid bug bounty program. Vulnerability reports are accepted for responsible disclosure purposes only.

Qualifying researchers may be recognized in our Security Hall of Fame at our discretion.

Security Hall of Fame

We publicly recognize researchers who responsibly disclose valid security vulnerabilities in compliance with this policy.

01
Critical Vulnerability Resolved
February 2026
Your name here
Submit a valid report

Hall of Fame inclusion requires: valid non-duplicate vulnerability, full policy compliance, and no premature disclosure.

Public Disclosure

Public disclosure is permitted only after we have provided written confirmation that the vulnerability has been fully remediated. We request coordinated disclosure to protect our users and infrastructure.

Coordinated disclosure • No premature disclosure

This policy is effective February 2026 and supersedes all prior versions. We reserve the right to modify this policy.

© 2026 ZishanHack. All rights reserved.