Which domains are in scope?

In scope:

*.fruition.net
tools.fruition.net

Out of scope:

cdn.fruition.net

What bugs are NOT eligible?

Disruptive bugs or bugs with no/low impact or likelihood such as:

Missing Cookie flags on non-session cookies or 3rd party cookies Logout CSRF
Social engineering
Denial of service
Weak TLS ciphers
Email spoofing, SPF, DMARC & DKIM
Brute force attacks
Password policy improvements
Hardening tips (such as missing CSP header or SRI attribute)
What bugs are eligible?

Any typical web security bugs such as:

Cross-site Scripting
Open redirect
Cross-site request forgery
File inclusion
Authentication bypass
Server-side code execution
How to submit and format security reports?

Send to security@fruition.net

Name: name
Bug type: bugtype
Domain: domain
Severity: severity
URL: url
PoC: poc

Strategy & Research

Digital Marketing

Web Development

Enterprise Hosting

Creative

AI Data & Analytics

Aviation & Airports

Government & Public Sector

Enterprise & B2B

Client Success Stories

Insights & Resources

About Fruition

Which domains are in scope?

In scope:

Out of scope:

What bugs are NOT eligible?

Any typical web security bugs such as: