SigParser

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
api-beta.sigparser.com URL medium high medium critical
The APIs on this domain are all stateless APIs as in they shouldn't store anything between requests. You need to generate an API key in order to use them.
beta-ipaas.sigparser.com URL low high medium critical
This is a set of APIs for accessing data in the main SigParser application. It it designed to be used by applications like Zapier and Integromat but can be used by any other application to integrate with SigParser. Zapier and Integromat aren't actually connected with this beta endpoint. Don't use the production endpoints for testing.
beta.sigparser.com URL low low low medium
This is the landing page for our site. It's a static site so there isn't any actual customer data on this site and there isn't a database backing it. The main application is on a different domain.
beta1.sigparser.com URL none high high critical
This is the beta version of the application for SigParser. It is where you should do your testing for the main application. Please don't create test accounts on production.

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
Chat Widget in Website OTHER none
The chat widget at the bottom right of the website should not be tested. It's a third party component and each time someone tests it we get a notification about it like it's a real customer.
S3 Bucket - s3://staticwebcontent-beta OTHER none
This S3 bucket serves the static site content.
api.sigparser.com URL none
Don't test against this as it's the production resource.
app.sigparser.com URL none
Don't test against this as this is the production website.
ipaas.sigparser.com URL none
This is the production iPAAS SigParser site. Don't test against this.
sigparser.com URL none
The production website for SigParser. Not in scope.