Quickwork Bug Bounty Program
Quickwork Technologies Private Limited is committed to ensuring the security and integrity of our services. As part of this commitment, we are launching the Quickwork Technologies Private Limited Bug Bounty Program. Through this program, we encourage security researchers to responsibly disclose any potential vulnerabilities they find on our platforms, thereby contributing to our continuous drive to enhance the safety and security of our systems.
Total Submissions
44
Researchers
12923
Unique Visitors
561
Submission Rate
0.26%
Quickwork Technologies Private Limited
Quickwork is a no-code, real-time, enterprise iPaaS with 1,500+ pre-integrated apps to build enterprise and consumer workflows, publish APIs, and manage conversations. The platform is designed to make automation easy, allowing teams of all sizes to build simple or complex workflows quickly. It combines a drag-and-drop user interface with the ability to make instant changes to live workflows, within a secure and compliant environment. With users in 145 countries, Quickwork is becoming the go-to iPaaS for enterprises looking for a reliable and scalable platform to build automated workflows quickly!
Rewards Listing
| Technical Severity | Created | Bounty Range |
|---|---|---|
|
Critical (P1)
|
26 June 2025 | 15000.00 - 25000.00 |
|
Severe (P2)
|
26 June 2025 | 10000.00 - 15000.00 |
|
Moderate (P3)
|
26 June 2025 | 5000.00 - 10000.00 |
|
Low (P4)
|
26 June 2025 | 1000.00 - 5000.00 |
|
Informational (P5)
|
26 June 2025 | Certificate of Appreciation |
| Severity | Resolution (in days) |
|---|---|
|
P1
|
7 |
|
P2
|
14 |
|
P3
|
30 |
|
P4
|
60 |
|
P5
|
90 |
- Always conduct testing ethically and legally.
- Do not publicly disclose the vulnerability without obtaining explicit consent from Quickwork Technologies Private Limited.
- Never attempt to access, modify, delete, or store user data.
- If using automated tools or scripts, ensure they do not cause harm or excessive traffic to our platforms.
- Use only your own accounts for testing. Do not interact with or exploit other real users' accounts.
- If you find multiple vulnerabilities, report them sequentially and not simultaneously, giving us time to respond.
- Do not conduct tests that may degrade our services or impact our users.
- If submitted for one core domain such as automation.quickwork.co, other regional domains will be considered as a duplicate, so please only submit for just one domain.
- CSP Headers and IFrame options are considered P5 if not followed by a exploitable vulnerability.
- Age: Participants must be 18 years or older at the time of entry.
- Affiliation: Individuals affiliated with Quickwork Technologies Private Limited, including employees, contractors, and their immediate families, are not eligible to participate.
- Country of Residence: While we accept submissions globally.
- Compliance: Researchers must be in full compliance with all terms and conditions of the Quickwork Technologies Private Limited Bounty Initiative.
- Denial of Service (DoS/DDoS) Attacks: Any attempts to disrupt the service is strictly prohibited.
- Physical Security: Physical attacks against offices, data centers, or any other physical assets.
- Third-party Platforms: Vulnerabilities in third-party components or services used by Quickwork Technologies Private Limited but not under our direct control.
- Leaked credentials: Credentials which have been exposed due to a larger attack extracted from a database would be considered out of scope.
- Social Engineering: This includes spear-phishing, pretexting, baiting, and any other form of obtaining information through deception.
- Clickjacking on pages with no sensitive actions.
- Issues related to software or protocols not under Quickwork Technologies Private Limited control.
- Unconfirmed Reports: Reports without a clear proof-of-concept or lacking detailed steps to reproduce.
Carefully review and understand the rules and scope of the bug bounty program. Each program has specific guidelines, eligibility criteria, and a defined scope of systems, applications, or services that are in-scope for testing. Focus your efforts on these areas to ensure your findings are eligible for rewards.
When reporting a vulnerability, commit to providing clear and comprehensive details to help the organization reproduce and validate your findings. Include step-by-step instructions, proof-of-concept code if applicable, and any other relevant information that can assist the organization's security team in understanding and verifying the issue.
Engage in professional communication with the organization's security team. Be responsive to any requests for clarification, additional information, or coordination during the vulnerability verification process. Maintain open and respectful communication throughout the entire process, understanding that both parties are working together to improve security.
Always adhere to responsible disclosure practices. When you discover a vulnerability, avoid exploiting it for malicious purposes or sharing it with unauthorized parties. Instead, immediately report the vulnerability to the program organizers following the reporting process outlined in the program guidelines. This allows the organization to address the issue before potential harm can occur.
Researchers participating in our programs are expected to adhere to specific Safe Harbor provisions. They are assured Legal Protection; by complying with all program terms, they're granted a legal safe harbor, ensuring they won't face lawsuits or legal actions for their reported findings. Participants also commit to Responsible Disclosure, providing ample time to address and rectify vulnerabilities and doesn't disclose any findings publically what so ever. Testing should be confined only to systems they have explicit authorization to assess. Furthermore, during the assessment, data access should be minimized, focusing only on what's necessary to validate a vulnerability, and retaining no user data beyond what is absolutely required.