Security
Effective date: March 26, 2026
We build a penetration testing platform — we take the security of our own infrastructure seriously. If you discover a vulnerability in hackaws.cloud, we genuinely want to hear about it and we’ll work with you to resolve it quickly.
Reporting a Vulnerability
Please email security@hackaws.cloud with:
- A description of the vulnerability and its potential impact.
- Steps to reproduce, including URLs, request/response details, or proof-of-concept code where possible.
- The type of issue (e.g., XSS, IDOR, authentication bypass, injection, misconfiguration).
- Any affected endpoints, parameters, or components.
The more detail you provide, the faster we can triage and fix the issue. Even partial reports are welcome — if you’re not sure whether something qualifies, send it anyway.
What to Expect
- Acknowledgement within 48 hours. We’ll confirm we received your report and provide a point of contact.
- Triage within 7 days. We’ll assess severity, confirm the issue, and give you an initial timeline for a fix.
- Credit. With your permission, we’ll credit you publicly when the fix ships. Let us know how you’d like to be acknowledged.
Guidelines
We ask that you:
- Give us a reasonable amount of time to address the issue before disclosing it publicly.
- Avoid accessing or modifying other users’ data.
- Do not perform denial-of-service attacks, social engineering, or physical security testing.
- Only test against accounts you own or have explicit permission to test.
If you follow these guidelines, we will not pursue legal action against you in connection with your research. We consider responsible security research conducted in accordance with this policy to be authorised activity.
Scope
The following are in scope:
- hackaws.cloud (marketing website)
- platform.hackaws.cloud (application)
- Associated API endpoints
Third-party services we use (AWS, Google, GitHub) are out of scope. Please report issues with those services directly to their respective security teams.