What is the first method you use to find a security contact?

Hacker Connect
1

Hello everyone,
I would like to ask let’s say you found a vulnerability in a website. What is the first method you will try to use to find a security contact and disclose that ? (i.e., check if the website has a bounty program, look for a /.well-known/security.txt, try send an email to [email protected]).

Thank you !
xristos

2 Likes
2

@xristos8574 I wrote a blog post about this a little while back with my POV on the most effective steps, and a burn-down list as things get more difficult: Establishing asset ownership in vulnerability reporting

1 Like