LifeOmic

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.dev.lifeomic.com URL medium medium medium critical
*.us.lifeomic.com URL high high high critical
Please note: Account signup will require a real credit card in production (*.us.lifeomic.com). You can bypass this restriction by testing in our dev instance (*.dev.lifeomic.com).
Scope Not Listed (See Instruction) OTHER critical
If you identify a bug on a scope not listed here, you can use this asset. Please indicate in the report any relevant information about that asset (e.g. domain name, etc.) so we can determine if we'd like to add it to the scope of the program. **PLEASE DO NOT TEST AGAINST OR SUBMIT BUGS ON ANYTHING EXPLICITLY LISTED AS OUT OF SCOPE.**
api.dev.lifeomic.com URL critical
REST API
apps.dev.lifeomic.com URL high high high critical
billing.dev.lifeomic.com URL critical
com.lifeomic.life APPLE_STORE_APP_ID medium medium medium critical
developers.dev.lifeomic.com URL critical
fhir.dev.lifeomic.com URL critical
REST API
ga4gh.dev.lifeomic.com URL critical
REST API
https://github.com/lifeomic/cli SOURCE_CODE medium medium medium critical
https://jupiterone.io/ URL medium medium medium critical
https://lifeapps.io URL medium medium medium critical
lifeomic.com URL medium medium low critical
lifeomic.com/security URL medium medium medium critical
security.lifeomic.com URL critical
webhooks.infra.lifeomic.com URL critical
*.dev.jupiterone.io URL high high high critical
*.infra.lifeomic.com URL critical
com.lifeomic.LIFEExtend APPLE_STORE_APP_ID high high high critical
LifeExtend in the iOS App Store.
com.lifeomic.lifeextend GOOGLE_PLAY_APP_ID high high high critical
LifeExtend in the Android App Store
com.lifeomic.lifefasting GOOGLE_PLAY_APP_ID high high high critical
Life Fasting App in the Google Play Store
https://apps.wellness.dev.lifeomic.com URL critical
https://lifeology.dev.lifeomic.com URL high high high critical

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
*.amazon.com URL none
Please do not test against Amazon Web Services infrastructure. If you find any misconfigurations (e.g. world-accessible S3 bucket), please report it using one of the assets in scope.
*.amazoncognito.com URL none
Please do not test against Amazon Web Services infrastructure. If you find any misconfigurations (e.g. world-accessible S3 bucket), please report it using one of the assets in scope.
samplereceiving.dev.lifeomic.com URL none
We are still in the process of working on this application's security features, and will add it to the program scope later.
https://support.jupiterone.io URL none
This is a third party service (Zendesk). Please do not test.
*.us.lifeomic.com URL high high high none
Please note: Our dev instance is identical to this (plus a few new features) so please only test in dev (*.dev.lifeomic.com).
https://jupiterone.io/ URL medium medium medium none
https://lifeapps.io URL medium medium medium none
info.jupiterone.io URL none
Please DO NOT test against this domain.
info.lifeomic.com URL none
Please DO NOT test against this domain.
jupiterone.com URL none
lifeomic.com URL none