RebelMouse’s Security Bug Bounty Program

At RebelMouse, the security and privacy of our clients is of the utmost importance. We work around the clock to maintain an infrastructure that's secure and shielded from any potential vulnerabilities.

To strengthen our commitment to security, RebelMouse offers a bug bounty program. If you believe you've found a security issue on our site, or any of the sites we power, we may compensate you for your discovery. We look at all submitted reports, and we'll pay $250 for each one that we agree is a valid finding.

Here's more information about what qualifies as a security vulnerability and how to report a bug:


Qualifying Vulnerabilities

To classify vulnerabilities, we use the OWASP Top 10, which is published and maintained by the Open Web Application Security Project (OWASP), as a guideline. This includes:

  • Remote Code Execution (RCE)
  • SQL Injection
  • Local/Remote File Inclusion (LFI/RFI)
  • XML External Entity (XXE)
  • Broken Authentication (2FA Bypass, etc.)
  • Sensitive Data Exposure
  • Cross-Site Scripting (XSS)
  • Security Misconfiguration
  • Using Components With Known Vulnerabilities (With Examples)
  • Server-Side Request Forgery (SSRF)
  • Cross-Site Request Forgery (CSRF)
  • Insecure Direct Object References (IDOR)
  • Flood-Control Bypass
  • Privacy Bypass
  • Other Injections

Non-Qualifying Vulnerabilities

  • Reports from security scanners and other automated systems
  • Vulnerability reports based solely on software/protocol versions without a valid proof of concept
  • Reports about missing protection mechanisms or mismatched recommendations (for example, the absence of a CSRF token) without referring to a concrete negative consequence
  • Logout CSRF
  • Self-XSS
  • Framing
  • Clickjacking
  • Reports about Open Redirect
  • IDN homograph attacks
  • Attacks that require complete access to a user's page or browser profile
  • Vulnerabilities within third-party services

Strictly Prohibited

  • DDoS attacks
  • Social engineering
  • Gaining physical access to the servers/infrastructure
  • Threats/Harm to company employees

Moreover, such actions will be prosecuted to the fullest extent of the law, without exception.

Report Recommendations

When writing your report, be sure to include the following to increase your chances of receiving a reward:

  • The domain containing the vulnerability
  • The type of vulnerability
  • Examples of exploiting it, captured by screenshots or screencasts
  • Methods of reproducing the vulnerability
  • What impact the vulnerability has
  • Recommendations for fixing the vulnerability

Rewards

  • The standard reward is $250 USD per bug/vulnerability
  • The reward will only be given to the first researcher who reports a previously unknown vulnerability
  • We consider the exploitation of discovered vulnerabilities to be extremely unethical, and we will not provide a reward in such cases

Domains That Are Out of Scope

  • *.rbl.ms (except static.rbl.ms and res.rbl.ms)
  • *.rebelmouse.com (except www.rebelmouse.com)

If you have a security bug to submit to our program, please email bugbounty@rebelmouse.com for a submission form. Once the issue is evaluated and deemed to be valid, we will contact you about your reward. Good luck hunting!
