Responsible Disclosure

Reporting Guidelines

  • Please use beta.klenty.com to perform all security testing (Please note accounts created on this domain would be deleted randomly). Testing conducted via app.klenty.com on the live application is banned.
  • Reach out to [email protected], if you have found any potential vulnerability in our products meeting all the below mentioned criteria. You can expect a confirmation from our security team in about 48 hours of submission.
  • Please refrain from doing security testing in existing customer accounts.
  • When conducting security testing, make sure not to violate our privacy policies, modify/delete unauthenticated user data, disrupt production servers, or to degrade user experience.
  • You’re allowed to disclose the discovered vulnerabilities only to [email protected]. Documenting any potential In/Out of scope vulnerability to the public is against our responsible disclosure policy.
  • We encourage you to encrypt your message with our public key to ensure that it it remains safe in transit.

Qualifying Security Bugs

All bugs that are reported are qualified based on its impact on customer’s production data.

We will consider other security vulnerabilities if it is making an impact and exploitable with a working non-intrusive POC.

In Scope Domains

  • app.klenty.com

Bugs Severity

Klenty will define the severity of the issue based on the impact and the ease of exploit.

Response Time

RESPONSE TYPE TIME
Acknowledgement Within 48 hours
Time taken to resolve Based on the Severity

Hall of Fame

We would like to thank the people listed here who have identified and responsibly disclosed security vulnerabilities with Klenty.

  • Sourajeet Majumder
  • Alwoares Naeem
  • Kshitij Gupta
  • Mahendra Purbia RJ30
  • Shrey Shah
  • Kunal Mhaske
  • Amiya Behera
  • Ayan Saha
  • Gagan Bagh
  • Ratnadip Gajbhiye
  • Arshad Aqil K
  • Prateek Thakare
  • Sammam Qureshi
  • Volodymyr "Bob" Diachenko
  • Shemal Joshi
  • Prasad Panchbhai
  • Lavan Kumar Udutha
  • Dhruv Kamal
  • Naveen Kumar M
  • Diwakar Kumar
  • ManhNho
  • Rajesh Kumar
  • Onkar Hase
  • Virendra Yadav
  • Raj Makode
  • Mohammed Abdul Kareem
  • Vismit Rakhecha
  • Soundar.M
  • Naveen Kumar
  • Karan Keswani
  • Aaditya Prasad
  • Aditya Soni
  • Onkar Sonawane
  • Tijo Davis
  • Akshay Parse
  • Rushikesh R Patil
  • Pravin Bhivsen Mahadik