SECURITY DISCLOSURE & RESPONSIBLE VULNERABILITY REPORTING
Last Updated: June 05, 2026
We encourage ethical hackers and security researchers to responsibly report vulnerabilities affecting dakshb.co.in or any other digital asset officially owned and managed by Daksh B.
Security is a priority and we welcome responsible disclosure without fear of legal action.
1 — Scope of Authorized Security Testing
Testing is permitted only on:
- dakshb.co.in (main website)
- Official subdomains owned by this platform
- Public-facing APIs and authentication endpoints
- Live chat system hosted internally on dakshb.co.in
2 — Prohibited Testing Methods
The following methods are strictly not allowed:
- DDoS or load-based attacks impacting uptime
- Phishing & social engineering of users or team
- Malware injection, ransomware, or system alteration
- Data extraction or unauthorized database access
- Account hijacking or brute-force login attacks
3 — Accepted Types of Valid Reports
- SQL injection, XSS, CSRF, IDOR
- Access control bypass or privilege escalation
- Authentication/session misconfiguration
- Sensitive data exposure or insecure storage
- Cloud storage misconfiguration
- Vulnerable API endpoints
4 — How to Submit a Security Report
Submit via email with proof of concept:
Required details:
- Steps to reproduce
- Affected URL / endpoint
- Expected vs. actual result
- Potential impact
- Optional screenshot or video
5 — Response & Coordination Timeline
- Acknowledgment after initial review
- Vulnerability validation and severity assignment
- Fix / patch deployment
- Researcher notified once resolved
6 — Researcher Recognition
If desired, researchers may receive:
- Public acknowledgment on a future contributors list
- Private recognition via email
- Eligibility for private bug bounty invitations (optional)
7 — Good-Faith Research Protection (No Legal Action)
Researchers abiding by responsible disclosure guidelines will not face any legal consequences.
Malicious intent, data theft or unauthorized access is outside this protection.
8 — Non-Disclosure Requirement
Vulnerabilities must not be publicly disclosed until the issue is fixed and written permission is granted.
Premature disclosure threatens live security and will be treated as harmful activity.
9 — Third-Party Components & External Dependencies
If the vulnerability belongs to an external vendor, we will forward the report responsibly to the affected provider.
10 — Bug-Bounty Reward Disclaimer
We do not operate a public ongoing bug bounty program.
Rewards or monetary appreciation are not guaranteed.
Any rewards, if provided, are discretionary based on severity, uniqueness & responsible disclosure.
11 — Non-Interference Rule During Patch Deployment
Once a vulnerability is reported, researchers must stop all testing immediately.
Do not reattempt exploitation while a fix is pending.
12 — Data Protection Requirement for Researchers
During PoC testing:
- Do NOT access real user accounts or data
- Do NOT save or export sensitive information
- Use only dummy test accounts if needed
13 — Log & Monitoring Notice
All exploit attempts are logged for safety.
Logging is used for protection, not to discourage ethical research.
14 — Zero-Tolerance for Fake / AI-Auto-Generated Reports
We reject fabricated or recycled PoCs, spam CVE submissions & mass-submitted reports.
Repeated false submissions may lead to automated blocking.
Final Statement
Thank you for supporting cybersecurity through responsible reporting.
Ethical hackers strengthen the community — and we welcome collaboration that protects users and systems.