Security Policy

Here's how I keep users safe on my website(s).

This policy describes the types of security controls implemented across my website(s) to protect you while you browse them.


  • The communication channel between my website(s) and users' browsers is encrypted using HTTPS, strong protocols and ciphers.
  • Security headers are set to enforce HTTPS, restrict unauthorised content and block user-based attacks such as clickjacking and Cross-Site Scripting (XSS).
  • A Web Firewall continuously detects and blocks malicious requests based on known and unknown attacks.
  • Periodic web vulnerability scans (automated and manual) are performed to identify vulnerabilities.
  • I accept responsible communication of security issues discovered by anyone browsing my website(s).
  • A security.txt file is published to guide security researchers, as part of the security.txt initiative.

For security researchers:

  • Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction of data during security testing.
  • Perform research only within the scope set out below.
  • Use the identified communication channels to report vulnerability information to u
  • Share discovered vulnerabilities only using the contact methods listed on the Contact page HERE.

If you follow these guidelines when reporting an issue, I commit to:

  • Not pursuing or supporting any legal action related to your research.
  • Working with you to understand and resolve the issue quickly.
  • Recognizing your contribution on the Security Researcher Hall of Fame, if you are the first to report the issue and I have to make a code or configuration change based on the issue.

Scope

The following are in-scope for security research.

Out-of-scope

Any host not explicitly listed above.

In the interest of my website's users, the following test types are not permitted:

  • Testing focused on social engineering (e.g. phishing, vishing).
  • Testing of any systems not listed above in the ‘Scope’ section.
  • Any form of Denial of Service (DoS/DDoS) testing.

How to report a security vulnerability?

If you believe you’ve found a security vulnerability in one of the in-scope websites, please email it to me as plain text or PDF at [email protected]. Please include the following details with your report:

  • A description of the issue and the affected URL.
  • A proof of concept to help me reproduce the vulnerability (e.g. screenshots).
  • Your name and how I can contact you (e.g. email address).

Security configurations are continuously improved in line with good industry practices and developments. Although my website(s) are not subject to any regulatory or legal requirements, I continuously apply good security practices to protect all website(s) and users from harm.

Updates

This Security Policy was last updated on October 1, 2022. This policy can change without notice, but it will always ensure that all users of my website(s) and researchers understand how I'm handling security when they use my website(s).

You may also read the Privacy Policy by clicking HERE.