Dezerv Responsible Disclosure Programme

We invite security researchers and ethical hackers to help us identify and responsibly disclose vulnerabilities.

Rules of Engagement

To ensure a productive and respectful collaboration, we ask all participants to adhere to the following guidelines:

Protect User Privacy

Do not access, alter, or share user data.

Non-Invasive Testing

Avoid tests that could disrupt services (e.g., DoS attacks).

Stay In Scope

Test only the systems listed under “In-Scope Assets.”

Keep It Private

Share vulnerabilities only with our team. Avoid public disclosure.

Co-ordination

You are obliged to share any extra information if asked for; refusal will invalidate the submission.

Follow the Law

All testing must comply with applicable laws and regulations.

Use Your Own Account

Testing must be performed using accounts you own.

Failure to comply may result in removal from the programme or legal action.

In-Scope Assets

The following systems are within the scope of this programme:

1. Dezerv.in
2. Dezerv Mobile App (iOS & Android)
3. Wealth Monitor App (iOS & Android)

Out-of-Scope Assets

Testing of the following is strictly prohibited:

Third-party platforms (e.g., payment processors, cloud services)

Internal Dezerv networks or infrastructure

Social engineering (e.g., phishing, vishing)

Physical security or office assessments

Eligible Vulnerabilities

Priority | Vulnerability Type                       | Example
Critical | Remote Code Execution (RCE)              | Execute unauthorised code on our systems
Critical | SQL Injection (High Impact)              | Exfiltrate sensitive data from databases
Critical | Authentication Bypass                    | Gain access to privileged areas without credentials
High     | Persistent Cross-Site Scripting (XSS)    | Malicious scripts that impact other users
High     | Broken Access Control                    | Access resources without permission
High     | Sensitive Data Exposure                  | Leak of confidential user or system data
Medium   | Cross-Site Request Forgery (CSRF)        | Perform actions on behalf of a user without their consent
Medium   | Insecure Direct Object References (IDOR) | Accessing data belonging to other users
Low      | Information Disclosure (Non-Critical)    | Minor leaks of system/configuration data

Any other vulnerabilities not mentioned above will be assessed at Dezerv's discretion. Duplicates, rule violations, low-impact issues, and reports lacking exploit proof may not qualify for recognition.

How to Submit a Report

Ready to submit a vulnerability? Use our secure form to share your findings, including:

A clear and detailed description of the issue

Step-by-step reproduction instructions

Potential security impact

Any relevant evidence (screenshots, videos, PoC)

Our team will acknowledge your report within 48 hours and work with you to resolve the issue promptly.

For any questions, reach out at: sec@dezerv.in


ISO 27001 Certified

Compliant with international data standards

Secure and private

Data encrypted with 256-bit AES encryption.

Regulated entity

With licenses from SEBI, APMI and AMFI

©2021-2025 Dezerv. All Rights Reserved

Dezerv Investments Private Limited is registered as a Portfolio Manager bearing SEBI Registration no. INP000007377 and also acts as an Investment Manager to Dezerv Innovation Fund, Category I AIF-VCF-Angel Fund bearing SEBI Registration no. IN/AIF1/22-23/1066; Dezerv Alternatives Trust, Category II AIF bearing SEBI Registration no. IN/AIF2/23-24/1345; and Dezerv Alpha Equity Trust, a Category III AIF bearing SEBI Registration no. IN/AIF3/23-24/1467. Distribution services are offered through Dezerv Distribution Services Private Limited, a wholly owned subsidiary of Dezerv Investments Private Limited, vide AMFI Registration no. (ARN) 248439 and APMI Registration no. (APRN) 00615. Terms and conditions of the website are applicable. Privacy Policy of the website is applicable.
